CVE Vulnerabilities

CVE-2007-0608

Published: May 09, 2007 | Modified: Oct 16, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.1 HIGH
AV:N/AC:M/Au:N/C:C/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.

Affected Software

Name Vendor Start Version End Version
Advanced_guestbook Advanced_guestbook 2.4.2 (including) 2.4.2 (including)

References