CVE-2007-1998

HIOX Guest Book <4.0 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1998. PoCs published by Dj7xpl.

AI-analyzed exploit summary This exploit demonstrates a remote code execution vulnerability in HIOX FREE Guest Book 4.0 by injecting PHP code into the email field, which is then executed when accessed via a crafted URL. The PoC provides clear steps to exploit the vulnerability.

Description

Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Dj7xpl · textwebappsphp
https://www.exploit-db.com/exploits/3697

This exploit demonstrates a remote code execution vulnerability in HIOX FREE Guest Book 4.0 by injecting PHP code into the email field, which is then executed when accessed via a crafted URL. The PoC provides clear steps to exploit the vulnerability.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: HIOX FREE Guest Book 4.0
No auth needed
Prerequisites: Access to the guest book application · Ability to submit a guest book entry
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1333
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33540
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24835
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3697

Scores

EPSS 0.0875
EPSS Percentile 94.5%

Details

Status published
Products (1)
hiox_india/guest_book 4.0
Published Apr 12, 2007
Tracked Since Feb 18, 2026