CVE-2005-1425

Uapplication Uguestbook 1.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1425. PoCs published by Cyber-Zone.

AI-analyzed exploit summary This exploit targets Uguestbook 1.0 by directly accessing the guestbook.mdb database file via a predictable path. It retrieves the database contents without authentication, leading to an information leak.

Description

Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Cyber-Zone · perlwebappsphp
https://www.exploit-db.com/exploits/8609

This exploit targets Uguestbook 1.0 by directly accessing the guestbook.mdb database file via a predictable path. It retrieves the database contents without authentication, leading to an information leak.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Uguestbook 1.0
No auth needed
Prerequisites: Target must have Uguestbook 1.0 installed with default configuration · Database file must be accessible via direct URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8609
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20314
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013830
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/456240/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/15995

Scores

EPSS 0.0154
EPSS Percentile 71.6%

Details

CWE
CWE-264
Status published
Products (1)
uapplication/uguestbook 1.0
Published May 03, 2005
Tracked Since Feb 18, 2026