PT-2009-2403 · Sanusart · Sanus|Artificium
Gold_M · Published 2009-08-11 · Updated 2017-09-29 · CVE-2008-6934
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Sanus|artificium (aka Sanusart) Free simple guestbook PHP script versions prior to 20081111
Description:
The issue allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to "act.php", which is executed when "guestbook/guestbook.php" is accessed.
Recommendations:
For Sanus|artificium (aka Sanusart) Free simple guestbook PHP script versions prior to 20081111, consider disabling the act.php file or restricting access to the guestbook/guestbook.php page until a fix is available. Avoid using the message parameter in the affected API endpoint until the issue is resolved.
Exploit
Fix
Code Injection
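Because the description says that content stored in messages.txt is executed when guestbook/guestbook.php is accessed, one check on an affected install is to scan that file for PHP open tags. The following is an added example, not code from the advisory or the Sanusart project; the `name|message` line layout and the sample entries are constructed assumptions, since the page does not show the file format.

```python
import re

# Open-tag forms a PHP interpreter of that era could recognise.
# Short tags depend on short_open_tag; ASP tags and <script language="php">
# were removed in PHP 7.0.
PHP_OPEN_TAGS = [
    ("full tag", re.compile(r"<\?php\b", re.I)),
    ("echo tag", re.compile(r"<\?=")),
    ("short tag", re.compile(r"<\?(?!php\b|=)", re.I)),
    ("asp tag", re.compile(r"<%")),
    ("script tag", re.compile(r"<script\b[^>]*\blanguage\s*=\s*[\"']?php", re.I)),
]


def scan_messages(text):
    """Return (line_number, tag_kind, excerpt) for each line holding a PHP open tag."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PHP_OPEN_TAGS:
            if pattern.search(line):
                # Report the first matching form only; keep the excerpt short.
                findings.append((lineno, kind, line.strip()[:60]))
                break
    return findings


# Constructed sample standing in for messages.txt (layout is an assumption).
SAMPLE = (
    "Alice|Nice site, thanks!\n"
    "Bob|<?php echo 'marker'; ?>\n"
    "Carol|I <3 this page, 5 < 7 ?\n"
    "Dave|<?= 1 ?>\n"
    "Eve|<SCRIPT language=\"php\">echo 1;</SCRIPT>\n"
)

if __name__ == "__main__":
    for lineno, kind, excerpt in scan_messages(SAMPLE):
        print(f"line {lineno}: {kind}: {excerpt}")
```

Any finding in a real messages.txt means the file should be treated as untrusted and the host reviewed, not just the entry deleted.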
Weakness Enumeration
Related identifiers
Affected products
Sanus|Artificium