Loss of Confidentiality,
Loss of Integrity
phphg Guestbook contains a flaw related to the user authentication of the service. The issue is triggered when a remote attacker defines the 'loged', 'username', and 'user_level' cookie parameters of the 'check.php' script. This may allow an attacker to gain access to the administration section.
The vendor has discontinued this product and therefore has no patch or upgrade that mitigates this problem. It is recommended that an alternate software package be used in its place.