Detections
Analytics

CVE-2008-2638

critical

Description

Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.

References

https://www.exploit-db.com/exploits/5736

https://exchange.xforce.ibmcloud.com/vulnerabilities/42854

http://www.vupen.com/english/advisories/2008/1735/references

http://secunia.com/advisories/30146

http://1scripts.net/php-scripts/index.php?p=16

Details

Source: Mitre, NVD

Published: 2008-06-10

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0297