CVE-2007-5821

Name of the Vulnerable Software and Affected Versions DM Guestbook versions 0.4.1 and earlier

Description The issue allows remote attackers to include and execute arbitrary local files via directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in specific parameters, such as the lng parameter to certain API endpoints like "guestbook.php", "admin/admin.guestbook.php", or "auto/glob new.php", or the lngdefault parameter to "auto/ch lng.php".

Recommendations For DM Guestbook versions 0.4.1 and earlier, as a temporary workaround, consider restricting access to the vulnerable API endpoints, specifically "guestbook.php", "admin/admin.guestbook.php", "auto/glob new.php", and "auto/ch lng.php", until a patch is available. Avoid using the lng and lngdefault parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.