CVE-2009-2224

AN Guestbook 0.7.8 - Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang parameter.

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9013
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35486

Scores

EPSS 0.0136
EPSS Percentile 68.4%

Details

CWE
CWE-22
Status published
Products (1)
an_guestbook/an_guestbook 0.7.8
Published Jun 26, 2009
Tracked Since Feb 18, 2026