CVE-2006-6763

KISGB - RCE

Title source: llm

Description

Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/2979

View Code ZIP pw:eip

References (2)

[Exploit] http://www.security.nnov.ru/Pdocument470.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/455198/100/0/threaded

Scores

EPSS 0.0135

EPSS Percentile 80.1%

Details

Status published

Products (1)

keep_it_simple_guest_book/keep_it_simple_guest_book 5.0

Published Dec 27, 2006

Tracked Since Feb 18, 2026