Rolis GuestBook version 1.0 contains a flaw that may allow a remote attacker to gain system access by the execution of arbitrary code. The flaw is caused by an input validation error in "input.inc.php". By supplying a path to a malicious file on a remote server, attackers can execute code on vulnerable systems. It is possible that the flaw may allow remote access resulting in a loss of confidentiality, integrity, and/or availability.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Edit the source code of "insert.inc.php" as recommended below.
Source code of "insert.inc.php" should be modified to the following:
include ("path.inc.php"); // insert this line
include ($path . "data.inc.php");
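
The following is an added example, not part of the original advisory or of the Rolis GuestBook code. It is a heuristic audit in Python that scans PHP source for the pattern the workaround corrects: an include/require whose path begins with a variable that nothing earlier in the same file sets. The sample sources are constructed, and the check assumes, as the workaround implies, that "path.inc.php" defines $path.

```python
import re

# One pass over the source, in order of appearance:
#   assign -> "$var =" (not "==", "===" or "=>")
#   inc    -> include/require[_once] whose argument starts with a variable
#             (ivar) or with a quoted string literal (lit)
TOKEN = re.compile(
    r'(?P<assign>\$(?P<avar>\w+)\s*=(?![=>]))'
    r'|(?P<inc>(?<![$\w])(?:include|require)(?:_once)?\b\s*\(?\s*'
    r'(?:"?\$(?P<ivar>\w+)|(?P<lit>["\'])))',
    re.I,
)


def find_unset_include_vars(php_source):
    """Return [(line, variable)] for includes built from a variable that has
    no earlier assignment in this file and no earlier literal include that
    could have defined it. Heuristic only: it does not track tainted values,
    and the reviewer must confirm that an earlier literal include really
    sets the variable."""
    findings = []
    assigned = set()
    literal_include_seen = False
    for m in TOKEN.finditer(php_source):
        if m.group("avar"):
            assigned.add(m.group("avar"))
        elif m.group("lit"):
            literal_include_seen = True
        elif m.group("ivar"):
            var = m.group("ivar")
            if var not in assigned and not literal_include_seen:
                line = php_source.count("\n", 0, m.start()) + 1
                findings.append((line, var))
    return findings


# Constructed samples: the include line from the advisory, without and with
# the workaround line in front of it.
SAMPLE_BEFORE = '<?php\ninclude ($path . "data.inc.php");\n'
SAMPLE_AFTER = (
    '<?php\n'
    'include ("path.inc.php"); // insert this line\n'
    'include ($path . "data.inc.php");\n'
)

if __name__ == "__main__":
    for name, src in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, find_unset_include_vars(src))
```
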