Description
Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Gammarays · textwebappsphp
https://www.exploit-db.com/exploits/3735
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23503
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/3735
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1393
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2590
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24904
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33666
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/465864/100/0/threaded
Scores
EPSS
0.5608
EPSS Percentile
98.1%
Details
Status
published
Products (1)
limesoft/limesoft_guestbook
1.0
Published
Apr 18, 2007
Tracked Since
Feb 18, 2026