Description
Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php, (2) ecrire.php, and (3) lire.php. NOTE: it was later reported that the ecrire.php vector also affects 1.2. NOTE: this issue might be limited to a race condition during installation or an improper installation, since a completed installation creates an include file that prevents external control of the $lang variable.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by SwEET-DeViL · textwebappsphp
https://www.exploit-db.com/exploits/28037
exploitdb
WORKING POC
VERIFIED
by SwEET-DeViL · textwebappsphp
https://www.exploit-db.com/exploits/28036
exploitdb
WORKING POC
VERIFIED
by SwEET-DeViL · textwebappsphp
https://www.exploit-db.com/exploits/28035
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27114
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/27460
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18476
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/437448/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/27461
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1125
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/27462
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/437028/100/200/threaded
Scores
EPSS
0.0726
EPSS Percentile
91.7%
Details
CWE
CWE-94
Status
published
Products (1)
mcguestbook/mcguestbook
1.3
Published
Jun 23, 2006
Tracked Since
Feb 18, 2026