SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter.