CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125053 – Piwigo-Guest-Book Navigation Bar guestbook.inc.php sql injection
https://notcve.org/view.php?id=CVE-2014-125053
06 Jan 2023 — A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. • https://github.com/Piwigo/Piwigo-Guest-Book/commit/0cdd1c388edf15089c3a7541cefe7756e560581d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0871
https://notcve.org/view.php?id=CVE-2015-0871
07 Feb 2015 — Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 y anteriores permite a atacantes remotos inyectar secuencias de comandos arbitrarios o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN17480391/995116/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2008-3320 – Maian Guestbook 3.2 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3320
25 Jul 2008 — admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. admin/index.php de Maian Guestbook 3.2 y anteriores permite a atacantes remotos evitar la autenticación y obtener acceso como administrador enviando una cookie gbook_cookie de su elección. • https://www.exploit-db.com/exploits/6061 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 3CVE-2003-1348 – FTLS Guestbook 1.1 - Script Injection
https://notcve.org/view.php?id=CVE-2003-1348
31 Dec 2003 — Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field. • https://www.exploit-db.com/exploits/22202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2003-1534
https://notcve.org/view.php?id=CVE-2003-1534
31 Dec 2003 — Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables. • http://secunia.com/advisories/8475 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •