Vulnerabilities > CVE-2007-1486 - Remote Security vulnerability in Lazarus Guestbook
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability. This vulnerability has been addressed by the vendor with a product update: http://carbonize.co.uk/Lazarus/downloads.php
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://carbonize.co.uk/Lazarus/Forum/index.php?topic=1164.0
- http://securityreason.com/securityalert/2432
- http://www.attrition.org/pipermail/vim/2007-March/001417.html
- http://www.securityfocus.com/archive/1/462183/100/100/threaded
- http://www.securityfocus.com/archive/1/462235/100/100/threaded
- http://www.securityfocus.com/archive/1/463041/100/0/threaded
- http://www.securityfocus.com/archive/1/469218/100/0/threaded
- http://www.vupen.com/english/advisories/2007/0874