CVE-2007-0608 - Vulnerability Details - OpenCVE

Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.01056.

Key SSVC decision points have not yet been added.

Vendors	Products
Advanced Guestbook	Advanced Guestbook

Configuration 1 [-]

cpe:2.3:a:advanced_guestbook:advanced_guestbook:2.4.2:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/34362
http://secunia.com/advisories/25153
http://securityreason.com/securityalert/2661
http://www.netvigilance.com/advisory0011
http://www.osvdb.org/33876
http://www.osvdb.org/33878
http://www.osvdb.org/33879
http://www.securityfocus.com/archive/1/467940/100/0/threaded
http://www.vupen.com/english/advisories/2007/1726
https://exchange.xforce.ibmcloud.com/vulnerabilities/34161

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-09T17:00:00

Updated: 2024-08-07T12:26:53.482Z

Reserved: 2007-01-30T00:00:00

Link: CVE-2007-0608

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-05-09T17:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0608

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-07T00:00:00", "descriptions": [{"lang": "en", "value": "Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "33879", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/33879"}, {"name": "20070507 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/467940/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.netvigilance.com/advisory0011"}, {"name": "advanced-multiple-script-info-disclosure(34161)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34161"}, {"name": "2661", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2661"}, {"name": "ADV-2007-1726", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1726"}, {"name": "33878", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/33878"}, {"name": "34362", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34362"}, {"name": "33876", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/33876"}, {"name": "25153", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25153"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0608", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "33879", "refsource": "OSVDB", "url": "http://www.osvdb.org/33879"}, {"name": "20070507 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467940/100/0/threaded"}, {"name": "http://www.netvigilance.com/advisory0011", "refsource": "MISC", "url": "http://www.netvigilance.com/advisory0011"}, {"name": "advanced-multiple-script-info-disclosure(34161)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34161"}, {"name": "2661", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2661"}, {"name": "ADV-2007-1726", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1726"}, {"name": "33878", "refsource": "OSVDB", "url": "http://www.osvdb.org/33878"}, {"name": "34362", "refsource": "OSVDB", "url": "http://osvdb.org/34362"}, {"name": "33876", "refsource": "OSVDB", "url": "http://www.osvdb.org/33876"}, {"name": "25153", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25153"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:26:53.482Z"}, "title": "CVE Program Container", "references": [{"name": "33879", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/33879"}, {"name": "20070507 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/467940/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.netvigilance.com/advisory0011"}, {"name": "advanced-multiple-script-info-disclosure(34161)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34161"}, {"name": "2661", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2661"}, {"name": "ADV-2007-1726", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1726"}, {"name": "33878", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/33878"}, {"name": "34362", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/34362"}, {"name": "33876", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/33876"}, {"name": "25153", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25153"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0608", "datePublished": "2007-05-09T17:00:00", "dateReserved": "2007-01-30T00:00:00", "dateUpdated": "2024-08-07T12:26:53.482Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:advanced_guestbook:advanced_guestbook:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6F527A81-0115-4540-A4C3-E94E582B9434", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path."}, {"lang": "es", "value": "Advanced Guestbook 2.4.2 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un par\u00e1metro inv\u00e1lido (1) GB_TBL en (a) lang/codes-english.php o (b) image.php,lo cual revela el nombre de la base de datos; (2) un par\u00e1metro inv\u00e1lido GB_DB en index.php, unido con una cookie lang../index, el cual revela la ruta de instalaci\u00f3n; o (3) un respuesta directa en index.php sin par\u00e1metros ni cookies, lo cual revela la ruta de instalaci\u00f3n."}], "evaluatorImpact": "Successful exploitation requires that \"register_globals\" is enabled.", "id": "CVE-2007-0608", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-09T17:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/34362"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25153"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2661"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.netvigilance.com/advisory0011"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/33876"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/33878"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/33879"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/467940/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1726"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34161"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/34362"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25153"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2661"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.netvigilance.com/advisory0011"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/33876"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/33878"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/33879"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/467940/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1726"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34161"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}