Guest Book Security Vulnerabilities

CVE-2023-6767

A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. This affects an unknown part of the file /endpoint/add-guest.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVE-2014-125053

A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is.....

CVE-2009-4869

Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page...

CVE-2005-1647

Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and...

CVE-2014-1620

Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX Guest Book (HGB) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name1, (2) email, or (3) cmt...

CVE-2009-2104

Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2009-1950

SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid...

CVE-2008-1635

Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly...

CVE-2007-1998

Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to...

CVE-2006-6763

Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c)...

CVE-2006-6764

PHP remote file inclusion vulnerability in authenticate.php in Keep It Simple Guest Book (KISGB), when executing PHP through CGI, allows remote attackers to execute arbitrary PHP code via a URL in the default_path_to_themes...

CVE-2006-6371

Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author...

CVE-2006-6372

Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from...

CVE-2006-5640

SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key...

CVE-2006-2882

Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form...

CVE-2006-2837

Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book allows remote attackers to inject arbitrary web script or HTML via certain comment fields in the "Sign Our GuestBook" page, probably the x_Comments parameter to...

CVE-2006-2515

Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the...

CVE-2004-2608

SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's...

CVE-2005-3384

SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in...

CVE-2004-1867

Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest Book allows remote attackers to inject arbitrary web script or HTML via the Name...