3 matches found
CVE-2005-2397
CVE-2005-2397 is an XSS vulnerability in phpBook 1.46 affecting the guestbook.php module, exploitable via the admin parameter to inject arbitrary web script or HTML. The provided documents confirm the affected product/version and the input vector, but do not include exploit specifics, impact metr...
CVE-2006-0075
CVE-2006-0075 affects phpBook 1.3.2 and earlier. The flaw is a direct static code injection via the e-mail field (mail variable) in a new message, allowing remote attackers to write to a PHP file and execute arbitrary PHP code on the affected system. The NVD entry confirms a high base score (7.5)...
CVE-2011-3771
The CVE affects phpBook 2.1.0 and concerns an information-disclosure flaw where a direct request to certain .php files (e.g., doc/update_smilies_1.50-1.60.php) causes an error message that reveals the installation path. The root cause is an improper error message disclosure that exposes internal ...