Unrated severityNVD Advisory· Published Sep 14, 2006· Updated Jun 16, 2026

CVE-2006-4788

Description

PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Telekorn/Signkorn Guestbook4 versions
cpe:2.3:a:telekorn:signkorn_guestbook:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:telekorn:signkorn_guestbook:*:*:*:*:*:*:*:*range: <=1.3
- cpe:2.3:a:telekorn:signkorn_guestbook:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:telekorn:signkorn_guestbook:1.2:*:*:*:*:*:*:*
- (no CPE)range: <=1.3

Patches

Vulnerability mechanics

References

secunia.com/advisories/21878nvdVendor Advisory
www.telekorn.com/forum/showthread.phpnvdURL Repurposed
www.vupen.com/english/advisories/2006/3570nvd
exchange.xforce.ibmcloud.com/vulnerabilities/28888nvd
www.exploit-db.com/exploits/2354nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000