HomePentest-Tools.com Logo

AN Guestbook Local File Inclusion Vulnerability CVE-2009-2224

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

AN Guestbook is prone to Local File Inclusion vulnerability.

Risk description

The flaw is due to error in g_lang parameter in ang/shared/flags.php which is not properly verified before being used to include files. Successful exploitation will allow attacker to include and execute arbitrary files from local and external resources, and can gain sensitive information about remote system directories when register_globals is enabled.

Recommendation

Upgrade to AN Guestbook version 1.2.1 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 26, 2009
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available