CVE-2003-1571

Web Wiz Guestbook 6.0 and 8.21 - Unauthenticated Sensitive Information Exposure via Direct Database Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1571. PoCs published by Cold Zero.

AI-analyzed exploit summary This is a writeup describing a path disclosure vulnerability in Web Wiz Guestbook v8.21, where the database file (WWGguestbook.mdb) can be accessed remotely via a direct URL. No exploit code is provided, only a description and a dork for finding vulnerable sites.

Description

Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Cold Zero · textwebappsasp
https://www.exploit-db.com/exploits/7488

This is a writeup describing a path disclosure vulnerability in Web Wiz Guestbook v8.21, where the database file (WWGguestbook.mdb) can be accessed remotely via a direct URL. No exploit code is provided, only a description and a dork for finding vulnerable sites.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Web Wiz Guestbook v8.21
No auth needed
Prerequisites: knowledge of the target path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/2492
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7488
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/9639

Scores

EPSS 0.0261
EPSS Percentile 83.4%

Details

CWE
CWE-264
Status published
Products (2)
webwizguide/web_wiz_guestbook 6.0
webwizguide/web_wiz_guestbook 8.21
Published Apr 02, 2009
Tracked Since Feb 18, 2026