CyberSec.Space Logo
Back to CVE Browser

CVE-2008-2638

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0180%
EPSS Percentile26.92th
PublishedJun 10, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.

Affected Platforms (CPE)

πŸ“¦
1 Script

1 Book

<= 1.0.1

References & Advisories

πŸ”— http://1scripts.net/php-scripts/index.php?p=16
πŸ”— http://secunia.com/advisories/30146
πŸ”— http://www.vupen.com/english/advisories/2008/1735/references
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/42854
πŸ”— https://www.exploit-db.com/exploits/5736
πŸ”— http://1scripts.net/php-scripts/index.php?p=16
πŸ”— http://secunia.com/advisories/30146
πŸ”— http://www.vupen.com/english/advisories/2008/1735/references

Related Vulnerabilities

CVE-2000-108910.0

Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buff...

CVE-2004-130110.0

Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code v...

CVE-1999-035610.0

ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book.

CVE-2017-176019.8

Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.