Unrated severityNVD Advisory· Published May 3, 2006· Updated Apr 16, 2026

CVE-2006-2158

Description

Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter.

Affected products

Stadtaus/Guestbook Script
cpe:2.3:a:stadtaus:guestbook_script:*:*:*:*:*:*:*:*
Range: <=1.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

retrogod.altervista.org/gbs_17_xpl_pl.htmlnvd
secunia.com/advisories/19957nvd
www.securityfocus.com/bid/17845nvd
www.stadtaus.com/forum/t-2600.htmlnvd
www.vupen.com/english/advisories/2006/1660nvd
exchange.xforce.ibmcloud.com/vulnerabilities/26252nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000