Description
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
Remediation
References
Related Vulnerabilities
ownCloud Improper Input Validation Vulnerability (CVE-2015-7699)
WordPress Plugin Ocean Extra Cross-Site Request Forgery (1.6.5)
Squid Integer Overflow or Wraparound Vulnerability (CVE-2021-31807)
Oracle JRE CVE-2018-2639 Vulnerability (CVE-2018-2639)
WordPress Plugin Dean's Permalinks Migration Cross-Site Request Forgery (1.0)