Description

Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.

Remediation

References

CVE-2012-1911

Related Vulnerabilities

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-8109)

MySQL CVE-2017-3652 Vulnerability (CVE-2017-3652)

Joomla Other Vulnerability (CVE-2006-0303)

WordPress Plugin My Wish List Cross-Site Scripting (1.4.1)

Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7892)

Severity

High

Classification

CVE-2012-1911 CWE-138

Tags

Missing Update Known Vulnerabilities