Описание
PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.2 (включая)
cpe:2.3:a:carbonize:lazarus_guestbook:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02163
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability.
EPSS
Процентиль: 84%
0.02163
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other