CVE-2008-3320

Maian Guestbook < 3.2 - Unauthenticated Authentication Bypass via gbook_cookie

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3320. PoCs published by S.W.A.T..

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Maian Guestbook <= 3.2 by setting an insecure cookie via JavaScript. The admin panel only checks for the presence of the cookie, not its content, allowing arbitrary users to gain admin access.

Description

admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED
by S.W.A.T. · textwebappsphp
https://www.exploit-db.com/exploits/6061

This exploit demonstrates an authentication bypass vulnerability in Maian Guestbook <= 3.2 by setting an insecure cookie via JavaScript. The admin panel only checks for the presence of the cookie, not its content, allowing arbitrary users to gain admin access.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Maian Guestbook <= 3.2
No auth needed
Prerequisites: Victim must execute the provided JavaScript snippet · Target must be using Maian Guestbook <= 3.2
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6061
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31070
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30203

Scores

EPSS 0.0651
EPSS Percentile 92.9%

Details

CWE
CWE-287
Status published
Products (1)
maian/guestbook < 3.2
Published Jul 25, 2008
Tracked Since Feb 18, 2026