VYPR
Unrated severityNVD Advisory· Published Jan 11, 2007· Updated Jun 16, 2026

CVE-2007-0205

CVE-2007-0205

Description

Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:a:alexphpteam:alex_guestbook:3.12:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:alexphpteam:alex_guestbook:3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:alexphpteam:alex_guestbook:3.13:*:*:*:*:*:*:*
    • cpe:2.3:a:alexphpteam:alex_guestbook:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:alexphpteam:alex_guestbook:4.0.2:*:*:*:*:*:*:*
  • Range: <=4.0.2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.