Search criteria
2 vulnerabilities found for MGB OpenSource Guestbook by M-Gb
CVE-2018-25411 (GCVE-0-2018-25411)
Vulnerability from nvd – Published: 2026-05-30 14:55 – Updated: 2026-05-30 14:55
VLAI
Title
MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php
Summary
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table and column names.
Severity
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45665 | exploit |
| http://www.m-gb.org/ | product |
| https://sourceforge.net/projects/mopzz-gb/files/l… | product |
| https://www.vulncheck.com/advisories/mgb-opensour… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| M-Gb | MGB OpenSource Guestbook |
Affected:
0.7.0.2
|
Date Public
2018-10-23 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "MGB OpenSource Guestbook",
"vendor": "M-Gb",
"versions": [
{
"status": "affected",
"version": "0.7.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the \u0027id\u0027 parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the \u0027id\u0027 parameter to extract sensitive database information including table and column names."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T14:55:17.817Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45665",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45665"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.m-gb.org/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://sourceforge.net/projects/mopzz-gb/files/latest/download"
},
{
"name": "VulnCheck Advisory: MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mgb-opensource-guestbook-sql-injection-via-email-php"
}
],
"title": "MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25411",
"datePublished": "2026-05-30T14:55:17.817Z",
"dateReserved": "2026-05-30T12:28:15.767Z",
"dateUpdated": "2026-05-30T14:55:17.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25411 (GCVE-0-2018-25411)
Vulnerability from cvelistv5 – Published: 2026-05-30 14:55 – Updated: 2026-05-30 14:55
VLAI
Title
MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php
Summary
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table and column names.
Severity
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45665 | exploit |
| http://www.m-gb.org/ | product |
| https://sourceforge.net/projects/mopzz-gb/files/l… | product |
| https://www.vulncheck.com/advisories/mgb-opensour… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| M-Gb | MGB OpenSource Guestbook |
Affected:
0.7.0.2
|
Date Public
2018-10-23 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "MGB OpenSource Guestbook",
"vendor": "M-Gb",
"versions": [
{
"status": "affected",
"version": "0.7.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the \u0027id\u0027 parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the \u0027id\u0027 parameter to extract sensitive database information including table and column names."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T14:55:17.817Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45665",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45665"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "http://www.m-gb.org/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://sourceforge.net/projects/mopzz-gb/files/latest/download"
},
{
"name": "VulnCheck Advisory: MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mgb-opensource-guestbook-sql-injection-via-email-php"
}
],
"title": "MGB OpenSource Guestbook 0.7.0.2 SQL Injection via email.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25411",
"datePublished": "2026-05-30T14:55:17.817Z",
"dateReserved": "2026-05-30T12:28:15.767Z",
"dateUpdated": "2026-05-30T14:55:17.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}