CVE-2007-1304

Multiple SQL injection vulnerabilities in add2.php in Sava’s Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.

Date published : 2007-03-06

http://www.securityfocus.com/bid/22820

http://www.securityfocus.com/archive/1/461910/100/0/threaded