返回 CVE 瀏覽器

CVE-2007-4290

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0690%

EPSS Percentile27.07th

Published2007年8月9日

Last Modified2026年4月23日

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.php in admin/. NOTE: a third party disputes this vulnerability, noting that these scripts defend against direct requests

Affected Platforms (CPE)

📦

Stadtaus

Guestbook Script

= 1.9

References & Advisories

🔗 http://securityreason.com/securityalert/2988

🔗 http://www.securityfocus.com/archive/1/475854/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/476010/100/0/threaded

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/35876

🔗 http://securityreason.com/securityalert/2988

🔗 http://www.securityfocus.com/archive/1/475854/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/476010/100/0/threaded

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/35876

相關漏洞威脅

CVE-2001-009910.0

bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.

CVE-2002-04577.6

Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript v...

CVE-2002-05517.5

Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestboo...

CVE-2002-07307.5

Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascrip...