SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote malicious users to execute arbitrary SQL commands via the p parameter.
kmsoft guestbook -