Description
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
Remediation
References