PT-2006-4491 · Carbonize · Carbonize Lazarus Guestbook

Published: 2006-07-14 · Updated: 2018-10-18 · CVE-2006-3616

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Carbonize Lazarus Guestbook versions 1.6 and earlier

Description: The issue allows remote attackers to inject arbitrary web script or HTML (cross-site scripting) through the show parameter of codes-english.php and the img parameter of picture.php. The injected markup is supplied in the parameter value immediately after the name of an existing file.

Recommendations: For Carbonize Lazarus Guestbook versions 1.6 and earlier, as a temporary workaround, restrict access to codes-english.php and picture.php until a fix is available, and avoid using the show and img parameters of these files to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
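The two parameters named above legitimately carry nothing but a file name, so a request in which show or img contains anything else is the signal a defender can look for in web-server logs while the workaround is in place. The following script is an added example, not part of this advisory or of the Lazarus Guestbook code; it parses constructed Apache-style access-log lines and reports requests to the two affected files whose watched parameter is not a plain file name.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Affected script -> parameter named in the advisory
WATCHED = {
    "codes-english.php": {"show"},
    "picture.php": {"img"},
}

# A legitimate value is a bare file name; anything beyond this character set
# (quotes, angle brackets, spaces, slashes) is treated as suspicious.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]+")

# Common Log Format prefix: client, identd, user, timestamp, request line, status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def classify_request(path):
    """Return (script, param, decoded_value) if the request targets an affected
    file with a non-file-name value in its watched parameter, else None."""
    parts = urlsplit(path)
    script = parts.path.rsplit("/", 1)[-1]
    if script not in WATCHED:
        return None
    query = parse_qs(parts.query)  # percent-decodes values once
    for param in WATCHED[script]:
        for value in query.get(param, []):
            if not SAFE_NAME.fullmatch(value):
                return (script, param, value)
    return None


def scan_access_log(lines):
    """Return (ip, timestamp, script, param, value) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (hit := classify_request(m["path"])):
            findings.append((m["ip"], m["ts"]) + hit)
    return findings


# Constructed sample log lines (not real traffic): one benign image request,
# two probes against the affected parameters, one request to an unrelated file.
SAMPLE_LOG = [
    '10.0.0.5 - - [14/Jul/2006:10:01:02 +0000] "GET /guestbook/picture.php?img=smile.gif HTTP/1.1" 200 512',
    '10.0.0.9 - - [14/Jul/2006:10:03:14 +0000] "GET /guestbook/picture.php?img=smile.gif%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 712',
    '10.0.0.9 - - [14/Jul/2006:10:03:20 +0000] "GET /guestbook/codes-english.php?show=%22%3E%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 900',
    '10.0.0.7 - - [14/Jul/2006:10:05:00 +0000] "GET /guestbook/index.php?show=%3Cb%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print("suspicious request:", finding)
```

The same SAFE_NAME check is the validation a patched version of the two scripts would apply to the parameter before using it, rejecting any value that is not a bare file name.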

Exploit


Related Identifiers

CVE-2006-3616

Affected Products

Carbonize Lazarus Guestbook