CVE-2007-1998

critical

Description

Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.

References

https://www.exploit-db.com/exploits/3697

https://exchange.xforce.ibmcloud.com/vulnerabilities/33540

http://www.vupen.com/english/advisories/2007/1333

http://secunia.com/advisories/24835

Details

Source: Mitre, NVD

Published: 2007-04-12

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.06101

Detections

Analytics