Vendor: Guestbook
By: SecurityFocus
CVSS: 7.5 HIGH
Unauthorized Access
CWE: 284
Product Name: Guestbook
Affected Version From: Guestbook 1.0
Affected Version To: Guestbook 1.0
Patch Exists: YES
Related CWE: CVE-2003-0753
CPE: a:guestbook:guestbook:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2003
Unauthorized Access Vulnerability in Guestbook
Guestbook is affected by an unauthorized access vulnerability caused by insufficient permissions on the 'admin.php' script file. By accessing the URL http://hostname/guestbook/admin.php, an attacker can gain access to the administrative functions of the application.
Mitigation:
Ensure that the permissions on the 'admin.php' script file are set to a secure level.