Test ID:	1.3.6.1.4.1.25623.1.0.800526
Category:	Web application abuses
Title:	AN Guestbook Local File Inclusion Vulnerability
Summary:	AN Guestbook is prone to Local File Inclusion vulnerability.
Description:	Summary: AN Guestbook is prone to Local File Inclusion vulnerability. Vulnerability Insight: The flaw is due to error in 'g_lang' parameter in 'ang/shared/flags.php' which is not properly verified before being used to include files. Vulnerability Impact: Successful exploitation will allow attacker to include and execute arbitrary files from local and external resources, and can gain sensitive information about remote system directories when register_globals is enabled. Affected Software/OS: AN Guestbook version 0.7 to 0.7.8 Solution: Upgrade to AN Guestbook version 1.2.1 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2224 BugTraq ID: 35486 http://www.securityfocus.com/bid/35486 http://www.exploit-db.com/exploits/9013 http://www.attrition.org/pipermail/vim/2009-June/002196.html
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.