CVE-2007-0609
Advanced Guestbook 2.4.2 - Directory Traversal via Lang Cookie
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-0609. PoCs published by netVigilance.
AI-analyzed exploit summary: The provided text describes a local file inclusion vulnerability in Advanced Guestbook 2.4.2, where unsanitized user input allows unauthorized file access and script execution. The example URL demonstrates path traversal to access arbitrary files.
Description
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php.