ID CVE-2007-0608
Summary Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path. Successful exploitation requires that "register_globals" is enabled.
References
Vulnerable Configurations
  • cpe:2.3:a:advanced_guestbook:advanced_guestbook:2.4.2:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 16-10-2018 - 16:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:N/A:N
refmap via4
bugtraq 20070507 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities
misc http://www.netvigilance.com/advisory0011
osvdb
  • 33876
  • 33878
  • 33879
  • 34362
secunia 25153
sreason 2661
vupen ADV-2007-1726
xf advanced-multiple-script-info-disclosure(34161)
Last major update 16-10-2018 - 16:33
Published 09-05-2007 - 17:19
Last modified 16-10-2018 - 16:33