
cpe:2.3:a:advanced_guestbook:advanced_guestbook:2.4.2:*:*:*:*:*:*:*

part: a version: 2.4.2 update: *

Vendor: Advanced Guestbook (80e6e77f-db76-51b8-b7cd-0d5141553eb3)
Product: Advanced Guestbook (68a16c79-b39e-505c-bde9-4f95e8ce9982)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2007-0609 vulnerable 2026-06-08 04:49:32.869483 Details available
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php.
Published: 2007-05-09T17:00:00.000Z
Updated: 2024-08-07T12:26:54.441Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2007-0608 vulnerable 2026-06-08 04:49:32.869108 Details available
Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.
Published: 2007-05-09T17:00:00.000Z
Updated: 2024-08-07T12:26:53.482Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2007-0605 vulnerable 2026-06-08 04:49:32.867015 Details available
Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter.
Published: 2007-05-09T17:00:00.000Z
Updated: 2024-08-07T12:26:53.553Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2007-0530 vulnerable 2026-06-08 04:49:32.712160 Details available
Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use
Published: 2007-01-26T01:00:00.000Z
Updated: 2024-08-07T12:19:30.563Z
Imported from gcve-enriched-dumps CVE data
