Vulnerability Details CVE-2007-2093
Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.234
EPSS Ranking 95.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/24904
- http://securityreason.com/securityalert/2590
- http://www.securityfocus.com/archive/1/465864/100/0/threaded
- http://www.securityfocus.com/bid/23503
- http://www.vupen.com/english/advisories/2007/1393
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33666
- https://www.exploit-db.com/exploits/3735
- http://secunia.com/advisories/24904
- http://securityreason.com/securityalert/2590
- http://www.securityfocus.com/archive/1/465864/100/0/threaded
- http://www.securityfocus.com/bid/23503
- http://www.vupen.com/english/advisories/2007/1393
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33666
- https://www.exploit-db.com/exploits/3735
Products affected by CVE-2007-2093
-
cpe:2.3:a:limesoft:limesoft_guestbook:1.0