PT-2025-35939 · Unknown · Vx Guestbook 1.07
Published 2025-09-04 · Updated 2025-09-05 · CVE-2025-57263
CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VX Guestbook version 1.07
Description
An authenticated SQL injection vulnerability exists in VX Guestbook version 1.07. Attackers with admin access can inject malicious SQL payloads via the word POST parameter in the words.php admin panel.
Recommendations
As a temporary workaround, restrict access to the word POST parameter in the words.php admin panel until a patch is available.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Vx Guestbook 1.07