Description
PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by SoulBlack Group · textwebappsphp
https://www.exploit-db.com/exploits/25941
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112059876828730&w=2
Vendor Advisory x_refsource_misc
http://www.soulblack.com.ar/repo/papers/advisory/myguestbook_advisory.txt
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15927
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014387
Scores
EPSS
0.0174
EPSS Percentile
82.6%
Details
Status
published
Products (1)
levcgi.com/myguestbook
0.6.1
Published
Jul 06, 2005
Tracked Since
Feb 18, 2026