Drake CMS <= 0.4.11 (guestbook.php) SQL Injection Vulnerability

Description:

SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php.

References:

CVE-2008-6475
BID-28656
EDB-5391

Disclosure Date:

April 7, 2008