You can find all information about the Extension at Guestbooks detail page.
Take latest download from the Guestbooks detail page.
If more than one page of Guestbook entrys was displayed, the "start" parameter wasn't properly handled. There is no report of a working SQL injection Exploit; but anyway ...
Please update all your Communities to use the latest version: 1.4.1!