
CVE-2014-125053 – Piwigo-Guest-Book Navigation Bar guestbook.inc.php SQL injection
https://notcve.org/view.php?id=CVE-2014-125053
06 Jan 2023 — A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to SQL injection. Upgrading to version 1.3.1 addresses this issue. • https://github.com/Piwigo/Piwigo-Guest-Book/commit/0cdd1c388edf15089c3a7541cefe7756e560581d • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2015-0871
https://notcve.org/view.php?id=CVE-2015-0871
07 Feb 2015 — Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://jvn.jp/en/jp/JVN17480391/995116/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2010-4358
https://notcve.org/view.php?id=CVE-2010-4358
01 Dec 2010 — Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website, and (4) message parameters. • http://evuln.com/vulns/144/summary.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2010-0978 – KMSoft Guestbook 1.0 - Database Disclosure
https://notcve.org/view.php?id=CVE-2010-0978
16 Mar 2010 — KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. • https://www.exploit-db.com/exploits/11005 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2009-2440 – JNM Guestbook 3.0 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-2440
13 Jul 2009 — Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. • https://www.exploit-db.com/exploits/34806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2008-3320 – Maian Guestbook 3.2 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3320
25 Jul 2008 — admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. • https://www.exploit-db.com/exploits/6061 • CWE-287: Improper Authentication •

CVE-2007-5189
https://notcve.org/view.php?id=CVE-2007-5189
03 Oct 2007 — Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters. • http://securityreason.com/securityalert/3186 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2007-1192 – HyperBook Guestbook 1.3 - GBConfiguration.DAT Hashed Password Information Disclosure
https://notcve.org/view.php?id=CVE-2007-1192
02 Mar 2007 — Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat. • https://www.exploit-db.com/exploits/29687 •

CVE-2003-1348 – FTLS Guestbook 1.1 - Script Injection
https://notcve.org/view.php?id=CVE-2003-1348
31 Dec 2003 — Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field. • https://www.exploit-db.com/exploits/22202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2003-1535 – Justice Guestbook 1.3 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2003-1535
31 Dec 2003 — Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. • https://www.exploit-db.com/exploits/22444 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •