CVE-2006-4007

Knusperleicht Guestbook 3.5 - Remote File Inclusion via GB_PATH Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4007. PoCs published by Kurdish Security.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in GuestBook, where unsanitized user input in the GB_PATH parameter allows arbitrary file inclusion. No actual exploit code is present, only a description and example URL.

Description

PHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Kurdish Security · textwebappsphp
https://www.exploit-db.com/exploits/28320

The provided text describes a remote file inclusion vulnerability in GuestBook, where unsanitized user input in the GB_PATH parameter allows arbitrary file inclusion. No actual exploit code is present, only a description and example URL.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: GuestBook (version unspecified)
No auth needed
Prerequisites: Remote file inclusion must be enabled on the server · Attacker must be able to host malicious PHP code on an accessible server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/441810/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1333
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28133
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19274

Scores

EPSS 0.0248
EPSS Percentile 82.5%

Details

Status published
Products (1)
knusperleicht/knusperleicht_guestbook 3.5
Published Aug 07, 2006
Tracked Since Feb 18, 2026