Carbonize Lazarus Guestbook vulnerabilities
2 known vulnerabilities affecting carbonize/lazarus_guestbook.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2007-1486P3CRITICALCVSS 10.0≤ 1.7.22007-03-16
CVE-2007-1486 [CRITICAL] CVE-2007-1486: PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before
PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability.
nvd
CVE-2006-3616P4MEDIUMCVSS 4.3PoC≤ 1.62006-07-18
CVE-2006-3616 [MEDIUM] CVE-2006-3616: Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier a
Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, after the name of an existing file.
nvd