Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Address Book Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1748)

Description

Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.

Remediation

References

Related Vulnerabilities

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1190)

WordPress Plugin BuddyPress Extended Friendship Request Cross-Site Scripting (1.0.1)

WordPress Plugin Banner Effect Header Cross-Site Request Forgery (1.2.6)

WordPress Plugin YITH WooCommerce Recover Abandoned Cart Security Bypass (1.3.2)

PostgreSQL Numeric Errors Vulnerability (CVE-2010-0442)

Severity

High

Classification

CVE-2013-1748 CWE-138

Tags

Missing Update Known Vulnerabilities