QUOTE

There is an SQL Injection in Advanced Guestbook 2.3.1

For Example:
http://www.(yourdomain).com/(yourguestbook...php?entry='

or

http://www.(yourdomain).com/(yourguestbook...x.php?entry=%27

Yours,
SpyHat



Source: http://seclists.org/lists/bugtraq/2005/May/0100.html