[Original text] SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
DGBook contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "name", "email", "homepage", "address", "comment", and "ip" variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.