CVE-2007-2093 - Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook)

CVE-2007-2093

Summary

Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.

References

http://secunia.com/advisories/24904
http://securityreason.com/securityalert/2590
http://www.securityfocus.com/archive/1/465864/100/0/threaded
http://www.securityfocus.com/bid/23503
http://www.vupen.com/english/advisories/2007/1393
https://exchange.xforce.ibmcloud.com/vulnerabilities/33666
https://www.exploit-db.com/exploits/3735

Vulnerable Configurations

cpe:2.3:a:limesoft:limesoft_guestbook:1.0:*:*:*:*:*:*:*
cpe:2.3:a:limesoft:limesoft_guestbook:1.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 16-10-2018 - 16:41)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	23503
bugtraq	20070415 LS simple guestbook - arbitrary code execution
exploit-db	3735
secunia	24904
sreason	2590
vupen	ADV-2007-1393
xf	lsguestbook-index-code-execution(33666)

Last major update

16-10-2018 - 16:41

Published

18-04-2007 - 10:19

Last modified

16-10-2018 - 16:41