CVE-2007-1304

Name of the Vulnerable Software and Affected Versions Sava's Guestbook version 23.11.2006

Description The issue allows remote attackers to execute arbitrary SQL commands when magic quotes gpc is disabled. This is achieved by exploiting SQL injection vulnerabilities in the add2.php file via the name, country, email, website, and message parameters.

Recommendations For Sava's Guestbook version 23.11.2006, consider disabling the add2.php file or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to prevent SQL injection attacks. Avoid using the name, country, email, website, and message parameters in the affected file until the issue is resolved.