Description
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.