CVE-2006-2158

Name of the Vulnerable Software and Affected Versions Stadtaus Guestbook Script versions 1.7 and earlier

Description The issue allows remote attackers to modify arbitrary program variables via parameters when register globals is enabled. This is due to a dynamic variable evaluation vulnerability in index.php, where parameters are evaluated as PHP variable variables. An example of exploitation is performing PHP remote file inclusion using the include files array parameter.

Recommendations For versions 1.7 and earlier, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the index.php file to minimize the risk of exploitation. Avoid using the include files array parameter in the affected API endpoint until the issue is resolved.