Description
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
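The gap described above, as an added example that is not guestbook.pl's own code: a Python reconstruction of a strip-between-delimiters filter, compared with HTML-encoding the entry before it is stored. The sample entries and function names are constructed, and the unterminated directive stands in for whatever closing sequence the server accepts but the filter does not.

```python
import html
import re

# Reconstruction of the filter the description attributes to guestbook.pl:
# delete everything between "<!--" and "-->". Not the script's actual code.
COMMENT_SPAN = re.compile(r"<!--.*?-->", re.DOTALL)

# Constructed guestbook entries. The directive is a harmless SSI "echo".
SAMPLES = {
    "closed_with_expected_sequence": 'Hi <!--#echo var="DATE_LOCAL" --> bye',
    # No "-->" anywhere: stands in for any terminator the filter does not know.
    "not_closed_with_expected_sequence": 'Hi <!--#echo var="DATE_LOCAL" bye',
    "plain_text": "Nice site, 5 > 3 & all that",
}

def strip_comment_spans(entry):
    """Deny-list filter: removes only spans that end in the literal "-->"."""
    return COMMENT_SPAN.sub("", entry)

def encode_entry(entry):
    """Output encoding: '<' becomes '&lt;', so no directive opener is stored."""
    return html.escape(entry, quote=True)

def has_ssi_opener(stored):
    """True if the stored text still contains the SSI directive opener."""
    return "<!--#" in stored

def compare_filters(samples=SAMPLES):
    """Map each sample name to (opener survives strip, opener survives encode)."""
    return {
        name: (has_ssi_opener(strip_comment_spans(text)),
               has_ssi_opener(encode_entry(text)))
        for name, text in samples.items()
    }

if __name__ == "__main__":
    for name, result in compare_filters().items():
        print(f"{name}: strip={result[0]} encode={result[1]}")
```

The stripping filter is only as good as its match with the server's SSI parser, while encoding `<` removes the opener regardless of how the server decides a directive ends.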