CVE-2007-2092

Limesoft Guestbook - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2092.

AI-analyzed exploit summary This is a technical writeup describing a file inclusion vulnerability in LS simple guestbook (v1) where unsanitized user input is written to posts.txt and subsequently included, leading to arbitrary PHP code execution. The advisory includes a proof-of-concept example and a recommended patch.

Description

Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/3735

View Code ZIP pw:eip

This is a technical writeup describing a file inclusion vulnerability in LS simple guestbook (v1) where unsanitized user input is written to posts.txt and subsequently included, leading to arbitrary PHP code execution. The advisory includes a proof-of-concept example and a recommended patch.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: LS simple guestbook v1

No auth needed

Prerequisites: Access to the guestbook's submission form

MITRE ATT&CK

T1213 - Data from Information Repositories

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/1393

Scores

EPSS 0.0193

EPSS Percentile 77.4%

Details

Status published

Products (1)

limesoft/limesoft_guestbook 1.0

Published Apr 18, 2007

Tracked Since Feb 18, 2026