CVE-2006-6763

Keep It Simple Guest Book - Theme Path Remote File Inclusion Code Execution

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6763.

AI-analyzed exploit summary: This exploit demonstrates a Remote File Include (RFI) vulnerability in KISGB (Keep It Simple Guest Book) due to improper input validation in the 'default_path_for_themes' parameter in authenticate.php. The exploit is functional for CGI PHP versions, allowing remote code execution by including a malicious file.

Description

Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php.

Exploits (1)

exploitdb WORKING POC
webapps · php
https://www.exploit-db.com/exploits/2979

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: KISGB (Keep It Simple Guest Book)
No auth needed
Prerequisites: CGI PHP environment · Remote file inclusion enabled on the target server
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455198/100/0/threaded

Scores

EPSS 0.0205
EPSS Percentile 78.7%

Details

Status published
Products (1)
keep_it_simple_guest_book/keep_it_simple_guest_book 5.0
Published Dec 27, 2006
Tracked Since Feb 18, 2026