PT-2007-2067 · Unknown · Advanced Guestbook

Published 2007-05-09 · Updated 2018-10-16 · CVE-2007-0609

CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Advanced Guestbook version 2.4.2

Description: The issue allows remote attackers to bypass .htaccess settings and execute arbitrary local PHP files or read arbitrary local templates. This is achieved by sending a request to index.php with a lang cookie containing a .. (dot dot) sequence followed by a filename without its .php extension; the application appends the extension itself and includes the resulting path.

Recommendations: For Advanced Guestbook version 2.4.2, restrict and validate the value taken from the lang cookie so it cannot be manipulated into a path, and ensure that .htaccess settings are properly configured to prevent directory traversal. As a temporary workaround, consider disabling the execution of arbitrary PHP files until a patch is available.
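The following is an added illustration of the pattern the description names and of the check the recommendation asks for; it is not Advanced Guestbook's own code. It assumes a hypothetical guestbook that picks a language file under a `lang/` directory from the `lang` cookie, with `english.php` installed as the default.

```php
<?php
// Added example, not the project's code. Assumes a "lang/" directory of
// per-language PHP files, "english.php" among them, next to this script.

// Vulnerable pattern (the behaviour the advisory describes): the cookie value
// is concatenated into a path and ".php" is appended, so a value containing
// "../" reaches files outside the language directory and they are executed.
function language_path_unsafe(string $langDir, ?string $lang): string {
    $lang = $lang ?? 'english';
    return $langDir . '/' . $lang . '.php';   // no validation at all
}

// Hardened form: the cookie may only select from the files that actually
// exist in the language directory, and the resolved path is re-checked.
function language_path_safe(string $langDir, ?string $lang): string {
    $default = 'english';
    $lang = $lang ?? $default;

    // 1. Syntactic check: a bare name, no separators, no dots.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $lang)) {
        $lang = $default;
    }

    // 2. Semantic check: the name must match an installed language file.
    $installed = [];
    foreach (glob($langDir . '/*.php') ?: [] as $file) {
        $installed[basename($file, '.php')] = true;
    }
    if (!isset($installed[$lang])) {
        $lang = $default;
    }

    // 3. Resolve the final path and confirm it still lies inside $langDir.
    $base = realpath($langDir);
    $path = realpath($langDir . '/' . $lang . '.php');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('language file resolution failed');
    }
    return $path;
}

// Usage with the cookie the advisory names (hypothetical wiring).
$langDir = __DIR__ . '/lang';
$choice  = $_COOKIE['lang'] ?? null;
require language_path_safe($langDir, $choice);
```

The allow-list is derived from the directory listing rather than hard-coded, so adding a language means adding a file, not editing the check; the `realpath` comparison is a second, independent guard in case the listing logic is ever changed.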

Exploit

Fix


Related identifiers

CVE-2007-0609

Affected products

Advanced Guestbook