2007-03-07 00:00:00
mitre
PUBLISHED
Multiple SQL injection vulnerabilities in add2.php in Savas Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.