Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-2093. PoCs published by Gammarays.
AI-analyzed exploit summary This exploit demonstrates a file inclusion vulnerability in LS simple guestbook (v1) where unsanitized user input is written to posts.txt and subsequently included, allowing arbitrary PHP code execution.
Description
Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Gammarays · textwebappsphp
https://www.exploit-db.com/exploits/3735
This exploit demonstrates a file inclusion vulnerability in LS simple guestbook (v1) where unsanitized user input is written to posts.txt and subsequently included, allowing arbitrary PHP code execution.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
LS simple guestbook v1
No auth needed
Prerequisites:
Access to the guestbook's submission form
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23503
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/3735
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1393
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2590
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24904
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33666
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/465864/100/0/threaded
Scores
EPSS
0.4569
EPSS Percentile
98.6%
Details
Status
published
Products (1)
limesoft/limesoft_guestbook
1.0
Published
Apr 18, 2007
Tracked Since
Feb 18, 2026