CVE-2009-3421

Name of the Vulnerable Software and Affected Versions Zenas PaoBacheca Guestbook version 2.1

Description The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the login ok parameter to 1 when register globals is enabled.

Recommendations For Zenas PaoBacheca Guestbook version 2.1, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the login.php file until a patch is available. Avoid using the login ok parameter in the affected API endpoint until the issue is resolved.