CVE-2008-6934

Sansuart Free Simple Guestbook Php Script - Code Injection

Title source: rule

Description

Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/7079

View Code ZIP pw:eip

References (7)

Core 7

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32643

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/3095

Various Sources x_refsource_confirm

http://www.sanusart.com/news.php

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46526

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/49703

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7079

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32240

Scores

EPSS 0.0661

EPSS Percentile 91.2%

Details

CWE

CWE-94

Status published

Products (1)

sansuart/free_simple_guestbook_php_script

Published Aug 11, 2009

Tracked Since Feb 18, 2026