CVE-2007-6105

Name of the Vulnerable Software and Affected Versions TalkBack version 2.2.7

Description The issue allows remote attackers to execute arbitrary PHP code via specific parameters in certain PHP files. This can be achieved by manipulating the language file parameter in files such as comments-display-tpl.php and addons/separate-comments-mod/my-comments-display-tpl.php, or the config[comments form tpl] parameter in comments-display-tpl.php.

Recommendations For TalkBack version 2.2.7, consider restricting access to the comments-display-tpl.php and addons/separate-comments-mod/my-comments-display-tpl.php files to minimize the risk of exploitation. Avoid using the language file and config[comments form tpl] parameters in the affected files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.