Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.php in admin/. NOTE: a third party disputes this vulnerability, noting that these scripts defend against direct requests.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stadtaus | Guestbook Script | 1.9 |
References
- http://securityreason.com/securityalert/2988
- http://www.securityfocus.com/archive/1/475854/100/0/threaded
- http://www.securityfocus.com/archive/1/476010/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35876
FAQ
What is CVE-2007-4290?
CVE-2007-4290 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, ...
How severe is CVE-2007-4290?
CVE-2007-4290 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2007-4290?
Check the references section above for vendor advisories and patch information. Affected products include: Stadtaus Guestbook Script.