Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2018-25411: MGB OpenSource Guestbook SQL Injection Risk: Data Exposure
CVE-2018-25411
Summary
MGB OpenSource Guestbook's guestbook feature has a security flaw that allows attackers to access sensitive information. This could lead to unauthorized access to database information, including table and column names. Update to the latest version to fix this issue.
Original title
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' paramete...
Original description
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table and column names.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 30 May 2026 · Updated: 1 Jun 2026 · First seen: 30 May 2026