Lucene search

[email protected]CVE-2007-0608

HistoryMay 09, 2007 - 5:19 p.m.

CVE-2007-0608

2007-05-0917:19:00

[email protected]

web.nvd.nist.gov

cve-2007-0608

advanced guestbook 2.4.2

information disclosure

vulnerability

remote attackers

sensitive information

nvd

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

JSON

Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a …/index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.

Affected configurations

NVD

Node

advanced_guestbookadvanced_guestbookMatch2.4.2

CPENameOperatorVersion
advanced_guestbook:advanced_guestbookadvanced guestbookeq2.4.2

CPE	Name	Operator	Version
advanced_guestbook:advanced_guestbook	advanced guestbook	eq	2.4.2

References

osvdb.org/34362

secunia.com/advisories/25153

securityreason.com/securityalert/2661

www.netvigilance.com/advisory0011

www.osvdb.org/33876

www.osvdb.org/33878

www.osvdb.org/33879

www.securityfocus.com/archive/1/467940/100/0/threaded

www.vupen.com/english/advisories/2007/1726

exchange.xforce.ibmcloud.com/vulnerabilities/34161

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

6.2 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

JSON

Related for CVE-2007-0608

prion1 cvelist1 securityvulns2 nvd1