CVE-2006-6764

critical

Description

PHP remote file inclusion vulnerability in authenticate.php in Keep It Simple Guest Book (KISGB), when executing PHP through CGI, allows remote attackers to execute arbitrary PHP code via a URL in the default_path_to_themes parameter.

References

https://www.exploit-db.com/exploits/2979

http://www.vupen.com/english/advisories/2006/5147

http://www.securityfocus.com/bid/21721

Details

Source: Mitre, NVD

Published: 2006-12-27

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03339

Detections

Analytics