Unrated severityNVD Advisory· Published Jan 11, 2007· Updated Jun 16, 2026
CVE-2007-0205
CVE-2007-0205
Description
Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:alexphpteam:alex_guestbook:3.12:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:alexphpteam:alex_guestbook:3.12:*:*:*:*:*:*:*
- cpe:2.3:a:alexphpteam:alex_guestbook:3.13:*:*:*:*:*:*:*
- cpe:2.3:a:alexphpteam:alex_guestbook:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:alexphpteam:alex_guestbook:4.0.2:*:*:*:*:*:*:*
- Range: <=4.0.2
Patches
Vulnerability mechanics
References
8News mentions
0No linked articles in our index yet.