SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote malicious users to execute arbitrary SQL commands via the orderlinks parameter.
webmastersite wsn guest 1.02