Description

Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.

Remediation

References

CVE-2009-2608

Related Vulnerabilities

WordPress Plugin WordPress File Upload Directory Traversal (4.12.2)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2266)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9405)

MediaWiki Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-31556)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-7838)

Severity

Medium

Classification

CVE-2009-2608 CWE-138

Tags

Missing Update Known Vulnerabilities