CVE-2008-6934 - Vulnerability Details - OpenCVE

Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.05518.

Key SSVC decision points have not yet been added.

Vendors	Products
Sansuart	Free Simple Guestbook Php Script

Configuration 1 [-]

cpe:2.3:a:sansuart:free_simple_guestbook_php_script:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/49703
http://secunia.com/advisories/32643
http://www.sanusart.com/news.php
http://www.securityfocus.com/bid/32240
http://www.vupen.com/english/advisories/2008/3095
https://exchange.xforce.ibmcloud.com/vulnerabilities/46526
https://www.exploit-db.com/exploits/7079

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-11T20:25:00

Updated: 2024-08-07T11:49:02.613Z

Reserved: 2009-08-11T00:00:00

Link: CVE-2008-6934

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-08-11T21:00:00.517

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-6934

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "32643", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32643"}, {"name": "ADV-2008-3095", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3095"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sanusart.com/news.php"}, {"name": "spgs-act-code-execution(46526)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46526"}, {"name": "49703", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/49703"}, {"name": "7079", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7079"}, {"name": "32240", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32240"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6934", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "32643", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32643"}, {"name": "ADV-2008-3095", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3095"}, {"name": "http://www.sanusart.com/news.php", "refsource": "CONFIRM", "url": "http://www.sanusart.com/news.php"}, {"name": "spgs-act-code-execution(46526)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46526"}, {"name": "49703", "refsource": "OSVDB", "url": "http://osvdb.org/49703"}, {"name": "7079", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7079"}, {"name": "32240", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32240"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:49:02.613Z"}, "title": "CVE Program Container", "references": [{"name": "32643", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32643"}, {"name": "ADV-2008-3095", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/3095"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sanusart.com/news.php"}, {"name": "spgs-act-code-execution(46526)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46526"}, {"name": "49703", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/49703"}, {"name": "7079", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7079"}, {"name": "32240", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32240"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6934", "datePublished": "2009-08-11T20:25:00", "dateReserved": "2009-08-11T00:00:00", "dateUpdated": "2024-08-07T11:49:02.613Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sansuart:free_simple_guestbook_php_script:*:*:*:*:*:*:*:*", "matchCriteriaId": "4074AA7C-036B-4D65-B5CC-2155C6A96B90", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de c\u00f3digo est\u00e1tico en Sanus|artificium (tambi\u00e9n conocido como Sanusart) Free simple guestbook PHP script, descargado antes de 20081111, permite a atacantes remotos la inyecci\u00f3n de c\u00f3digo PHP en messages.txt a trav\u00e9s del par\u00e1metro \"message\" a act.php, que es ejecutado cuando se accede a guestbook/guestbook.php. NOTA: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros."}], "id": "CVE-2008-6934", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-11T21:00:00.517", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/49703"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32643"}, {"source": "cve@mitre.org", "url": "http://www.sanusart.com/news.php"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/32240"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/3095"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46526"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7079"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/49703"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32643"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.sanusart.com/news.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/32240"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/3095"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46526"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7079"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}