PT-2006-5563 · Telekorn · Telekorn Signkorn Guestbook

Shikaa · Published 2006-09-14 · Updated 2024-02-14 · CVE-2006-4788

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Telekorn SignKorn Guestbook (SL) versions 1.3 and earlier

Description

The issue allows remote attackers to execute arbitrary PHP code when register_globals is enabled and the SESSION[permission] parameter is set to "yes". This can be achieved via a URL in the dir path parameter.

Recommendations

For Telekorn SignKorn Guestbook (SL) versions 1.3 and earlier, consider disabling the register_globals setting and restricting access to the includes/log.inc.php file until a patch is available. As a temporary workaround, avoid using the dir path parameter in URLs and restrict the SESSION[permission] parameter to prevent it from being set to "yes" by unauthorized users.

Related Identifiers

CVE-2006-4788

Affected Products

Telekorn Signkorn Guestbook