GCVE - cpe:2.3:a:alexphpteam:alex_guestbook:4.0.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:alexphpteam:alex_guestbook:4.0.1:*:*:*:*:*:*:*

part: a version: 4.0.1 update: *

Vendor	Alexphpteam (`27574572-8cfe-50d3-92ca-ca875e08f511`)
Product	Alex Guestbook (`afb88a23-d54e-5cf1-ad85-b3cb84c1b607`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2007-0205`	vulnerable	2026-06-08 04:49:31.673895	Details available Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php. Published: 2007-01-11T22:00:00.000Z Updated: 2024-08-07T12:12:18.192Z Open on db.gcve.eu Reference links http://acid-root.new.fr/poc/20070107.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/31397 http://osvdb.org/31709 http://securityreason.com/securityalert/2135 http://osvdb.org/31708	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-0202`	vulnerable	2026-06-08 04:49:31.671745	Details available SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter. Published: 2007-01-11T11:00:00.000Z Updated: 2024-08-07T12:12:17.335Z Open on db.gcve.eu Reference links http://acid-root.new.fr/poc/20070107.txt http://osvdb.org/31707 http://secunia.com/advisories/23637 http://securityreason.com/securityalert/2135 https://exchange.xforce.ibmcloud.com/vulnerabilities/31393	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-6279`	vulnerable	2026-06-08 04:49:22.424565	Details available index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message. Published: 2006-12-04T11:00:00.000Z Updated: 2024-08-07T20:19:35.141Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/4807 http://securityreason.com/securityalert/1964 https://exchange.xforce.ibmcloud.com/vulnerabilities/30638 http://www.securityfocus.com/bid/21373 http://secunia.com/advisories/23181	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-6278`	vulnerable	2026-06-08 04:49:22.424119	Details available Cross-site scripting (XSS) vulnerability in index.php in @lex Guestbook 4.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter. Published: 2006-12-04T11:00:00.000Z Updated: 2024-08-07T20:19:35.131Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/4807 http://securityreason.com/securityalert/1964 http://www.securityfocus.com/bid/21373 http://secunia.com/advisories/23181 https://exchange.xforce.ibmcloud.com/vulnerabilities/30639	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.