CyberSec.Space Logo
返回 CVE 浏览器

CVE-2006-2158

MEDIUM
6.4
CVSS Severity Score
EPSS Score0.0830%
EPSS Percentile6.77th
Published2006年5月3日
Last Modified2026年4月16日

Vulnerability Description

Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter.

Affected Platforms (CPE)

📦
Stadtaus

Guestbook Script

<= 1.7

References & Advisories

🔗 http://retrogod.altervista.org/gbs_17_xpl_pl.html
🔗 http://secunia.com/advisories/19957
🔗 http://www.securityfocus.com/bid/17845
🔗 http://www.stadtaus.com/forum/t-2600.html
🔗 http://www.vupen.com/english/advisories/2006/1660
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/26252
🔗 http://retrogod.altervista.org/gbs_17_xpl_pl.html
🔗 http://secunia.com/advisories/19957

相关漏洞威胁

CVE-2001-009910.0

bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.

CVE-2007-42909.8

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code vi...

CVE-2002-04577.6

Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript v...

CVE-2002-05517.5

Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestboo...