Unrated severityNVD Advisory· Published Mar 16, 2007· Updated Jun 16, 2026
CVE-2007-1486
CVE-2007-1486
Description
PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:carbonize:lazarus_guestbook:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:carbonize:lazarus_guestbook:*:*:*:*:*:*:*:*range: <=1.7.2
- (no CPE)range: <1.7.3
Patches
Vulnerability mechanics
References
8- carbonize.co.uk/Lazarus/Forum/index.phpnvd
- securityreason.com/securityalert/2432nvd
- www.attrition.org/pipermail/vim/2007-March/001417.htmlnvd
- www.securityfocus.com/archive/1/462183/100/100/threadednvd
- www.securityfocus.com/archive/1/462235/100/100/threadednvd
- www.securityfocus.com/archive/1/463041/100/0/threadednvd
- www.securityfocus.com/archive/1/469218/100/0/threadednvd
- www.vupen.com/english/advisories/2007/0874nvd
News mentions
0No linked articles in our index yet.