Vulnerabilities > CVE-2007-1933 - File-Upload vulnerability in Dreamcodes Pcp-Guestbook 3.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
dreamcodes
exploit available
NVD
Published: 2007-04-10
Updated: 2017-10-11

Summary

Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php.

Vulnerable Configurations

Part Description Count
Application
Dreamcodes
1

Exploit-Db

descriptionPcP-Guestbook 3.0 (lang) Local File Inclusion Vulnerabilities. CVE-2007-1933. Webapps exploit for php platform
fileexploits/php/webapps/3689.txt
idEDB-ID:3689
last seen2016-01-31
modified2007-04-08
platformphp
port
published2007-04-08
reporterDj7xpl
sourcehttps://www.exploit-db.com/download/3689/
titlePcP-Guestbook 3.0 lang Local File Inclusion Vulnerabilities
typewebapps

References