CVE-2009-4447
Jax Guestbook 3.5.0 - Unauthenticated Authentication Bypass via Direct Admin Endpoint Access
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-4447. PoCs published by Sora.
AI-analyzed exploit summary This exploit describes an authentication bypass vulnerability in Jax Guestbook 3.50, allowing unauthorized access to admin settings via a crafted URL. No actual exploit code is provided, only a description and example URLs.
Description
Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Sora · textwebappsphp
https://www.exploit-db.com/exploits/10626
This exploit describes an authentication bypass vulnerability in Jax Guestbook 3.50, allowing unauthorized access to admin settings via a crafted URL. No actual exploit code is provided, only a description and example URLs.
Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
Jax Guestbook 3.50
No auth needed
Prerequisites:
knowledge of target URL structure
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/10626
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/61299
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37921
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37466
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55077
Scores
EPSS
0.0255
EPSS Percentile
83.0%
Details
CWE
CWE-287
Status
published
Products (1)
jax_scripts/jax_guestbook
3.5.0
Published
Dec 29, 2009
Tracked Since
Feb 18, 2026