AN Guestbook Local File Inclusion Vulnerability Network Vulnerability

Summary

This host is running AN Guestbook and is prone to Local File Inclusion vulnerability.

Impact

Successful exploitation will allow attacker to include and execute arbitrary files from local and external resources, and can gain sensitive information about remote system directories when register_globals is enabled. Impact level: Application/System

Solution

Upgrade to AN Guestbook version 1.2.1 or later, For updates refer to http://aguestbook.sourceforge.net/

Insight

The flaw is due to error in 'g_lang' parameter in 'ang/shared/flags.php' which is not properly verified before being used to include files.

Affected

AN Guestbook version 0.7 to 0.7.8

References

http://en.securitylab.ru/nvd/381881.php
http://www.attrition.org/pipermail/vim/2009-June/002196.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2224
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adobe JRun Management Console Multiple Vulnerabilities
Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
Afian 'includer.php' Directory Traversal Vulnerability
7Media Web Solutions EduTrac Directory Traversal Vulnerability

Take action and discover your vulnerabilities