CVE-2007-2093 Information

Description

Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.

Reference

http://secunia.com/advisories/24904 http://securityreason.com/securityalert/2590 http://www.securityfocus.com/archive/1/465864/100/0/threaded http://www.securityfocus.com/bid/23503 http://www.vupen.com/english/advisories/2007/1393 https://exchange.xforce.ibmcloud.com/vulnerabilities/33666 https://www.exploit-db.com/exploits/3735