📄 Description (English)
MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to email.php with crafted SQL payloads in the 'id' parameter to extract sensitive database information including table and column names.
🤖 AI Executive Summary
CVE-2018-25411 is a critical SQL injection vulnerability in MGB OpenSource Guestbook 0.7.0.2 that allows unauthenticated attackers to execute arbitrary SQL queries through the 'id' parameter in email.php. With a CVSS score of 8.2, this vulnerability enables complete database compromise including extraction of sensitive data, user credentials, and system information. The lack of available patches and no authentication requirement make this a high-risk vulnerability for any organization still running this legacy software.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Jun 4, 2026 12:13
🇸🇦 Saudi Arabia Impact Assessment
Organizations in Saudi Arabia using legacy guestbook systems or outdated web applications are at risk. Primary impact sectors include: Government agencies (NCA, CITC) using legacy web portals, Small and medium enterprises (SMEs) with older website infrastructure, Educational institutions (universities, schools) with legacy student/visitor management systems, Healthcare facilities with patient feedback systems, and Hospitality/Tourism sector using guestbook functionality. The vulnerability allows complete database compromise, potentially exposing citizen data, employee records, and sensitive organizational information. Given the age of this software (2018), exposure is likely limited but organizations should audit legacy systems immediately.
🏢 Affected Saudi Sectors
Government
Education
Healthcare
Hospitality/Tourism
Small and Medium Enterprises
Non-profit Organizations
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all systems running MGB OpenSource Guestbook 0.7.0.2 or earlier versions through network scanning and asset inventory
2. Isolate affected systems from production networks if still in use
3. Disable or restrict access to email.php and guestbook functionality immediately
4. Review database access logs for suspicious SQL queries or data extraction attempts
Patching Guidance:
1. Since no official patch is available, discontinue use of MGB OpenSource Guestbook immediately
2. Migrate to actively maintained guestbook solutions or modern feedback systems
3. If migration is not immediately possible, implement Web Application Firewall (WAF) rules to block SQL injection patterns
Compensating Controls:
1. Implement input validation and parameterized queries at application level
2. Apply WAF rules blocking SQL keywords in 'id' parameter (UNION, SELECT, DROP, INSERT, etc.)
3. Restrict database user permissions to read-only access where possible
4. Enable database query logging and monitoring for suspicious activity
5. Implement rate limiting on email.php endpoint
6. Use database activity monitoring (DAM) solutions to detect anomalous queries
Detection Rules:
1. Monitor for GET requests to email.php with SQL keywords in 'id' parameter
2. Alert on database queries containing UNION, SELECT, OR 1=1, SLEEP(), BENCHMARK() patterns
3. Track failed authentication attempts and unusual database access patterns
4. Monitor for extraction of system tables (information_schema, mysql.user, etc.)
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع الأنظمة التي تقوم بتشغيل MGB OpenSource Guestbook 0.7.0.2 أو الإصدارات الأقدم من خلال المسح الشبكي وجرد الأصول
2. عزل الأنظمة المتأثرة عن شبكات الإنتاج إن أمكن
3. تعطيل أو تقييد الوصول إلى email.php ووظائف دفتر الزوار فوراً
4. مراجعة سجلات الوصول إلى قاعدة البيانات للبحث عن استعلامات SQL المريبة أو محاولات استخراج البيانات
إرشادات التصحيح:
1. بما أنه لا يوجد تصحيح رسمي، توقف عن استخدام MGB OpenSource Guestbook فوراً
2. الهجرة إلى حلول دفتر الزوار التي يتم صيانتها بنشاط أو أنظمة تعليقات حديثة
3. إذا لم تكن الهجرة ممكنة على الفور، قم بتطبيق قواعد جدار حماية تطبيقات الويب (WAF) لحجب أنماط حقن SQL
الضوابط البديلة:
1. تطبيق التحقق من صحة المدخلات والاستعلامات المعاملة على مستوى التطبيق
2. تطبيق قواعد WAF لحجب كلمات SQL في معامل 'id' (UNION, SELECT, DROP, INSERT, إلخ)
3. تقييد أذونات مستخدم قاعدة البيانات للوصول للقراءة فقط حيث أمكن
4. تفعيل تسجيل استعلامات قاعدة البيانات والمراقبة للنشاط المريب
5. تطبيق تحديد معدل على نقطة نهاية email.php
6. استخدام حلول مراقبة نشاط قاعدة البيانات (DAM) للكشف عن الاستعلامات الشاذة
قواعد الكشف:
1. مراقبة طلبات GET إلى email.php التي تحتوي على كلمات SQL في معامل 'id'
2. تنبيهات على استعلامات قاعدة البيانات التي تحتوي على أنماط UNION, SELECT, OR 1=1, SLEEP(), BENCHMARK()
3. تتبع محاولات المصادقة الفاشلة والأنماط غير العادية للوصول إلى قاعدة البيانات
4. مراقبة استخراج جداول النظام (information_schema, mysql.user, إلخ)
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.14.2.1 - Secure development policy
A.14.2.5 - Secure development environment
A.12.6.1 - Management of technical vulnerabilities
A.12.2.1 - Monitoring of system use
🔵 SAMA CSF
ID.RA-1 - Asset management and criticality assessment
PR.DS-6 - Data is protected from unauthorized access
DE.CM-1 - The network is monitored for unauthorized connections
RS.MI-2 - Incidents are mitigated
🟡 ISO 27001:2022
A.12.2.1 - Change management procedures
A.12.6.1 - Management of technical vulnerabilities
A.14.2.1 - Secure development policy
A.14.2.5 - Secure development environment
🟣 PCI DSS v4.0.1
6.2 - Ensure all system components are protected from known vulnerabilities
6.5.1 - Injection flaws prevention
11.2 - Vulnerability scanning
🔗 References & Sources 4
🔗
🔗
🔗
🔗
http://www.m-gb.org/
disclosure@vulncheck.com
https://sourceforge.net/projects/mopzz-gb/files/latest/download
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/45665
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/mgb-opensource-guestbook-sql-injection-via-email-php
disclosure@vulncheck.com