VYPR
Unrated severityNVD Advisory· Published Mar 16, 2007· Updated Jun 16, 2026

CVE-2007-1486

CVE-2007-1486

Description

PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:carbonize:lazarus_guestbook:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:carbonize:lazarus_guestbook:*:*:*:*:*:*:*:*range: <=1.7.2
    • (no CPE)range: <1.7.3

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.