CVE-2007-1304 | Vulnerability Database | Aqua Security

Multiple SQL injection vulnerabilities in add2.php in Savas Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.

Affected Software

Name	Vendor	Start Version	End Version
Savas_guestbook	Savas_place	2006-11-23 (including)	2006-11-23 (including)

References

http://belsec.com/advisories/142/summary.html
http://secunia.com/advisories/24411
http://securityreason.com/securityalert/2350
http://www.securityfocus.com/archive/1/461910/100/0/threaded
http://www.securityfocus.com/bid/22820
https://exchange.xforce.ibmcloud.com/vulnerabilities/32811
http://belsec.com/advisories/142/summary.html
http://secunia.com/advisories/24411
http://securityreason.com/securityalert/2350
http://www.securityfocus.com/archive/1/461910/100/0/threaded
http://www.securityfocus.com/bid/22820
https://exchange.xforce.ibmcloud.com/vulnerabilities/32811

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1304
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html