Advanced Guestbook

Advanced Guestbook

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2007-0605

  • EPSS 9.68%
  • Published 09.05.2007 17:19:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter.

7.1

CVE-2007-0608

  • EPSS 1.06%
  • Published 09.05.2007 17:19:00
  • Last modified 09.04.2025 00:30:58

Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled ...

5.1

CVE-2007-0609

Exploit
  • EPSS 9.9%
  • Published 09.05.2007 17:19:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename w...

7.5

CVE-2007-0530

  • EPSS 0.9%
  • Published 26.01.2007 01:28:00
  • Last modified 09.04.2025 00:30:58

Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vec...

7.5

CVE-2006-5804

Exploit
  • EPSS 1.16%
  • Published 08.11.2006 20:07:00
  • Last modified 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in admin.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

4.3

CVE-2005-4649

Exploit
  • EPSS 0.4%
  • Published 31.12.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The inde...

7.5

CVE-2005-3588

  • EPSS 0.5%
  • Published 16.11.2005 07:42:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field.

7.5

CVE-2005-1548

Exploit
  • EPSS 0.29%
  • Published 14.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter.

6.8

CVE-2004-1213

Exploit
  • EPSS 0.42%
  • Published 10.01.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter.

7.5

CVE-2004-1952

Exploit
  • EPSS 0.34%
  • Published 23.04.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password.