PT-2008-4091 · 1Book · 1Book

Jiko · Published 2008-06-10 · Updated 2017-09-29 · CVE-2008-2638

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

1Book versions 1.0.1 and earlier

Description

A static code injection issue allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php. This enables attackers to inject malicious code into the application.

Recommendations

For versions 1.0.1 and earlier, as a temporary workaround, consider restricting access to the guestbook.php file and the data.php file to minimize the risk of exploitation. Avoid using the message parameter in the affected webform until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2008-2638

Affected Products

1Book