CVE-2002-1410

Easy Guestbook - Unauthenticated Administrative Access via Direct CGI Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1410. PoCs published by Arek Suroboyo.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Easy Guestbook 1.0, allowing an attacker to delete guestbook entries without proper authentication. The PoC provides a simple HTML form to submit a deletion request directly to the admin.cgi script.

Description

Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Arek Suroboyo · htmlwebappscgi

https://www.exploit-db.com/exploits/21659

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in Easy Guestbook 1.0, allowing an attacker to delete guestbook entries without proper authentication. The PoC provides a simple HTML form to submit a deletion request directly to the admin.cgi script.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Easy Guestbook 1.0

No auth needed

Prerequisites: Access to the target's guestbook admin.cgi endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-07/0356.html

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9697.php

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5341

Scores

EPSS 0.0281

EPSS Percentile 84.7%

Details

Status published

Products (2)

ben_chivers/ben_chivers_guestbook 1.0

easy_scripts_archive/easy_guestbook 1.0

Published Apr 11, 2003

Tracked Since Feb 18, 2026