PT-2009-4768 · W3B · W3B|Cms Gaestebuch Guestbook Module

Dnx · Published 2009-07-07 · Updated 2017-09-19 · CVE-2009-2337

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

w3b|cms Gaestebuch Guestbook Module version 3.0.0

Description

The issue allows remote attackers to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability when the magic_quotes_gpc setting is disabled. The vulnerability can be exploited via the spam_id parameter.

Recommendations

For version 3.0.0, consider disabling the includes/module/book/index.inc.php module until a patch is available, or restrict access to it to minimize the risk of exploitation. Avoid using the spam_id parameter in the affected module until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2009-2337

Affected Products

W3B|Cms Gaestebuch Guestbook Module