PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook prior to 1.7.3 allows remote malicious users to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
carbonize lazarus guestbook |