PT-2007-3006 · Realguestbook · Realguestbook

Published: 2007-03-23 · Updated: 2011-03-08 · CVE-2007-1624

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

realGuestbook version 5.01

Description

The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the name, email, homepage, and text parameters to save_entry.php, which can be reached through add_entry.php. There may be other unspecified parameters and files that are also vulnerable.

Recommendations

For realGuestbook version 5.01, consider restricting access to the save_entry.php file and validating user input for the name, email, homepage, and text parameters to prevent SQL injection attacks. As a temporary workaround, consider disabling the save_entry.php file until a patch is available.

Fix


Related Identifiers

CVE-2007-1624

Affected Products

Realguestbook