CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-1486

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0980%
EPSS Percentile0.46th
Published2007年3月16日
Last Modified2026年4月23日

Vulnerability Description

PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability.

Affected Platforms (CPE)

📦
Carbonize

Lazarus Guestbook

<= 1.7.2

References & Advisories

🔗 http://carbonize.co.uk/Lazarus/Forum/index.php?topic=1164.0
🔗 http://securityreason.com/securityalert/2432
🔗 http://www.attrition.org/pipermail/vim/2007-March/001417.html
🔗 http://www.securityfocus.com/archive/1/462183/100/100/threaded
🔗 http://www.securityfocus.com/archive/1/462235/100/100/threaded
🔗 http://www.securityfocus.com/archive/1/463041/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/469218/100/0/threaded
🔗 http://www.vupen.com/english/advisories/2007/0874

関連する脆弱性情報

CVE-2006-36164.3

Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to injec...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...