Vulnerability Description
PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and the _SESSION[permission] parameter is set to "yes", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Telekorn | Signkorn Guestbook | <= 1.3 |
References
- http://secunia.com/advisories/21878 (Vendor Advisory)
- http://www.telekorn.com/forum/showthread.php?t=1427 (URL Repurposed)
- http://www.vupen.com/english/advisories/2006/3570
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28888
- https://www.exploit-db.com/exploits/2354
FAQ
What is CVE-2006-4788?
CVE-2006-4788 is a vulnerability with a CVSS score of 5.1 (MEDIUM). PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes"...
How severe is CVE-2006-4788?
CVE-2006-4788 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-4788?
Check the references section above for vendor advisories and patch information. Affected products include: Telekorn Signkorn Guestbook.