CyberSec.Space Logo
Back to CVE Browser

CVE-2006-2158

MEDIUM
6.4
CVSS Severity Score
EPSS Score0.0830%
EPSS Percentile6.77th
PublishedMay 3, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter.

Affected Platforms (CPE)

πŸ“¦
Stadtaus

Guestbook Script

<= 1.7

References & Advisories

πŸ”— http://retrogod.altervista.org/gbs_17_xpl_pl.html
πŸ”— http://secunia.com/advisories/19957
πŸ”— http://www.securityfocus.com/bid/17845
πŸ”— http://www.stadtaus.com/forum/t-2600.html
πŸ”— http://www.vupen.com/english/advisories/2006/1660
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/26252
πŸ”— http://retrogod.altervista.org/gbs_17_xpl_pl.html
πŸ”— http://secunia.com/advisories/19957

Related Vulnerabilities

CVE-2001-009910.0

bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.

CVE-2007-42909.8

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code vi...

CVE-2002-04577.6

Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript v...

CVE-2002-05517.5

Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestboo...