CVE-2005-4880

Jax Guestbook 3.1-3.31 - Info Disclosure

Title source: llm

Description

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.

Exploits (4)

exploitdb WRITEUP VERIFIED

by Lostmon · textwebappsphp

https://www.exploit-db.com/exploits/26092

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Lostmon · textwebappsphp

https://www.exploit-db.com/exploits/26091

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Lostmon · textwebappsphp

https://www.exploit-db.com/exploits/26090

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Lostmon · textwebappsphp

https://www.exploit-db.com/exploits/26089

View Code ZIP pw:eip

References (2)

Core 2

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/16337

Exploit x_refsource_misc

http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html

Scores

EPSS 0.0225

EPSS Percentile 84.7%

Details

CWE

CWE-264

Status published

Products (2)

jax_scripts/jax_guestbook 3.1

jax_scripts/jax_guestbook 3.3.1

Published Mar 31, 2009

Tracked Since Feb 18, 2026