CyberSec.Space Logo
Back to CVE Browser

CVE-2007-1486

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0980%
EPSS Percentile0.46th
PublishedMar 16, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability.

Affected Platforms (CPE)

πŸ“¦
Carbonize

Lazarus Guestbook

<= 1.7.2

References & Advisories

πŸ”— http://carbonize.co.uk/Lazarus/Forum/index.php?topic=1164.0
πŸ”— http://securityreason.com/securityalert/2432
πŸ”— http://www.attrition.org/pipermail/vim/2007-March/001417.html
πŸ”— http://www.securityfocus.com/archive/1/462183/100/100/threaded
πŸ”— http://www.securityfocus.com/archive/1/462235/100/100/threaded
πŸ”— http://www.securityfocus.com/archive/1/463041/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/469218/100/0/threaded
πŸ”— http://www.vupen.com/english/advisories/2007/0874

Related Vulnerabilities

CVE-2006-36164.3

Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to injec...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...