Unrated severityNVD Advisory· Published Jan 11, 2007· Updated Apr 23, 2026

CVE-2007-0205

Description

Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.

Affected products

Alexphpteam/Alex Guestbook4 versions
cpe:2.3:a:alexphpteam:alex_guestbook:3.12:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:alexphpteam:alex_guestbook:3.12:*:*:*:*:*:*:*
- cpe:2.3:a:alexphpteam:alex_guestbook:3.13:*:*:*:*:*:*:*
- cpe:2.3:a:alexphpteam:alex_guestbook:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:alexphpteam:alex_guestbook:4.0.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000