Description

Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.

Remediation

References

CVE-2013-1748

Related Vulnerabilities

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17826)

WordPress Plugin WP Super Cache Cache Poisoning (1.8)

Zikula Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-3352)

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (4.6.12)

WordPress Plugin Custom Search by BestWebSoft Cross-Site Scripting (1.35)

Severity

High

Classification

CVE-2013-1748 CWE-138

Tags

Missing Update Known Vulnerabilities