Description

Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.

Remediation

References

CVE-2009-2608

Related Vulnerabilities

WordPress Plugin Gmedia Photo Gallery Arbitrary File Upload (1.2.1)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13762)

WebLogic CVE-2021-35620 Vulnerability (CVE-2021-35620)

WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.10)

Oracle Application Server CVE-2009-1017 Vulnerability (CVE-2009-1017)

Severity

Medium

Classification

CVE-2009-2608 CWE-138

Tags

Missing Update Known Vulnerabilities