Admbook PHP Code Injection Flaw

The remote web server contains a PHP script that allows arbitrary code injection. Description : The remote host is running AdmBook, a PHP-based guestbook. The remote version of this software is prone to remote PHP code injection due to a lack of sanitization of the HTTP header 'X-Forwarded-For'. Using a specially-crafted URL, a malicious user can execute arbitrary command on the remote server subject to the privileges of the web server user id.
Unknown at this time.