CVE-2008-2638
CVE-2008-2638 affects 1Book 1.0.1 and earlier . The vulnerability is in guestbook.php : remote attackers can upload arbitrary PHP code via the message parameter of an HTML web form, which is written to data.php . The CVSS vector (as per NVD) indicates _network-based, low complexity, no auth with ...