CVE-2010-0978

KMSoft Guestbook 1.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0978. PoCs published by LionTurk.

AI-analyzed exploit summary This is a writeup describing a database disclosure vulnerability in KMSoft Guestbook v1.0, where the database file can be accessed directly via a predictable path. No exploit code is provided, only a description and dork for finding vulnerable instances.

Description

KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.

Exploits (1)

exploitdb WRITEUP VERIFIED
by LionTurk · textwebappsasp
https://www.exploit-db.com/exploits/11005

This is a writeup describing a database disclosure vulnerability in KMSoft Guestbook v1.0, where the database file can be accessed directly via a predictable path. No exploit code is provided, only a description and dork for finding vulnerable instances.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: KMSoft Guestbook v1.0
No auth needed
Prerequisites: Target must have KMSoft Guestbook v1.0 installed with default configuration
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38076
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55376
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/61487
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11005

Scores

EPSS 0.0254
EPSS Percentile 82.9%

Details

CWE
CWE-264
Status published
Products (1)
kmsoft/guestbook 1.0
Published Mar 16, 2010
Tracked Since Feb 18, 2026