CVE-2007-1933

Name of the Vulnerable Software and Affected Versions PcP-Guestbook (PcP-Book) version 3.0

Description The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting directory traversal vulnerabilities using a .. (dot dot) in the lang parameter to API endpoints such as "index.php", "gb.php", or "faq.php".

Recommendations For PcP-Guestbook (PcP-Book) version 3.0, consider restricting access to the lang parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the lang parameter in "index.php", "gb.php", or "faq.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.