PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter.
http://www.soulblack.com.ar/repo/papers/advisory/myguestbook_advisory.txt
http://securitytracker.com/id?1014387