Description
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
Remediation
References
Related Vulnerabilities
WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0)
WordPress Plugin WP Academic People List Cross-Site Scripting (0.4.1)
WordPress Plugin JS MultiHotel Multiple Vulnerabilities (2.2.1)
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.56)
WordPress Plugin EWWW Image Optimizer Cross-Site Request Forgery (5.8.1)