CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-2638

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0180%
EPSS Percentile26.92th
Published2008年6月10日
Last Modified2026年4月23日

Vulnerability Description

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.

Affected Platforms (CPE)

📦
1 Script

1 Book

<= 1.0.1

References & Advisories

🔗 http://1scripts.net/php-scripts/index.php?p=16
🔗 http://secunia.com/advisories/30146
🔗 http://www.vupen.com/english/advisories/2008/1735/references
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/42854
🔗 https://www.exploit-db.com/exploits/5736
🔗 http://1scripts.net/php-scripts/index.php?p=16
🔗 http://secunia.com/advisories/30146
🔗 http://www.vupen.com/english/advisories/2008/1735/references

関連する脆弱性情報

CVE-2000-108910.0

Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buff...

CVE-2004-130110.0

Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code v...

CVE-1999-035610.0

ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book.

CVE-2017-176019.8

Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.