Summary
This host is running AN Guestbook and is prone to a local file inclusion vulnerability.
Impact
Successful exploitation will allow an attacker to include and execute arbitrary files from local and external resources, and to gain sensitive information about remote system directories, when register_globals is enabled.
Impact level: Application/System
Solution
Upgrade to AN Guestbook version 1.2.1 or later.
For updates, refer to http://aguestbook.sourceforge.net/
Insight
The flaw is due to an error in the 'g_lang' parameter in 'ang/shared/flags.php', which is not properly verified before being used to include files.
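A hardened form of the pattern described above, as an added example and not AN Guestbook's own code: the language value is read explicitly from the request array, checked against an allowlist, and the resolved path is confined to one directory. The function name, directory layout and language codes are assumptions.

```php
<?php
// Added illustration, not AN Guestbook source. Function name, directory
// layout and language codes are assumptions; demo inputs are constructed.
declare(strict_types=1);

const ALLOWED_LANGS = ['en', 'de', 'fr'];  // assumed shipped languages
const DEFAULT_LANG  = 'en';

/** Map a request-supplied language code to a file that is safe to include. */
function resolve_lang_file(array $query, string $langDir): string
{
    // Read the value from the request array explicitly, never from a bare
    // global, so behaviour does not depend on register_globals.
    $lang = $query['g_lang'] ?? DEFAULT_LANG;

    // Non-string input (e.g. g_lang[]=x) or an unknown code falls back.
    if (!is_string($lang) || !in_array($lang, ALLOWED_LANGS, true)) {
        $lang = DEFAULT_LANG;
    }

    // Defence in depth: the resolved file must sit inside $langDir.
    $base = realpath($langDir);
    $real = realpath($langDir . '/' . $lang . '.php');
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('language file not available');
    }
    return $real;
}

// Constructed demo (CLI only): a throwaway language directory and sample inputs.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/lang_demo_' . getmypid();
    mkdir($dir);
    foreach (ALLOWED_LANGS as $code) {
        file_put_contents("$dir/$code.php", "<?php\n");
    }
    $samples = [['g_lang' => 'de'], ['g_lang' => '../config'], ['g_lang' => ['x']], []];
    foreach ($samples as $q) {
        echo json_encode($q), ' => ', basename(resolve_lang_file($q, $dir)), "\n";
    }
}
```

In an application, the returned path would be passed to `include`, with `$_GET` as the query array and the language directory given as a fixed path (both assumed here).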
Affected
AN Guestbook version 0.7 to 0.7.8
References
Severity
Classification
- CVE: CVE-2009-2224
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N