CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-4880

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.022

EPSS Ranking 83.7%

CVSS Severity

CVSS v2 Score 5.0

References

http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html
http://secunia.com/advisories/16337
http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html
http://secunia.com/advisories/16337

Products affected by CVE-2005-4880

Jax Scripts » Jax Guestbook » Version: 3.1

cpe:2.3:a:jax_scripts:jax_guestbook:3.1
Jax Scripts » Jax Guestbook » Version: 3.3.1

cpe:2.3:a:jax_scripts:jax_guestbook:3.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-4880

Products

Pricing

Contact Us