PT-2007-3006 · Realguestbook · Realguestbook

Published 2007-03-23 · Updated 2011-03-08 · CVE-2007-1624

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: realGuestbook version 5.01

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the name, email, homepage, and text parameters to save_entry.php, which can be reached through add_entry.php. There may be other unspecified parameters and files that are also vulnerable.

Recommendations: For realGuestbook version 5.01, consider restricting access to the save_entry.php file and validating user input for the name, email, homepage, and text parameters to prevent SQL injection attacks. As a temporary workaround, consider disabling the save_entry.php file until a patch is available.

Fix


Related identifiers

CVE-2007-1624

Affected products

Realguestbook