Local File Include Vulnerability in Advanced Guestbook

vendor:

Advanced Guestbook

by:

5.5

CVSS

MEDIUM

Local File Include

CWE

Product Name: Advanced Guestbook

Affected Version From: 2.4.2002

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Local File Include Vulnerability in Advanced Guestbook

Advanced Guestbook is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied input and validate file paths.

Source

Local File Include Vulnerability in Advanced Guestbook

Mitigation:

Exploit-DB raw data: