vendor:
Ez Guestbook
by:
Milos Zivanovic
8.8
CVSS
HIGH
Cross Site Request Forgery
352
CWE
Product Name: Ez Guestbook
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:scriptsez:ez_guestbook:1.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Ez Guestbook 1.0 Multiple Vulnerabilities
Ez Guestbook script version 1.0 suffers from multiple vulnerabilities, including a Cross Site Request Forgery vulnerability. An attacker can exploit this vulnerability by crafting a malicious form that changes the admin password and submitting it to the vulnerable application. Additionally, an attacker can exploit the vulnerability by sending a malicious request to the vulnerable application to delete a post by ID.
Mitigation:
Implement input validation and authentication checks to prevent malicious requests from being processed by the application.