Description

Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.

Remediation

References

CVE-2009-2608

Related Vulnerabilities

WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0)

WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-4894)

WordPress Plugin Email Subscriber Cross-Site Scripting (1.1)

MySQL CVE-2013-1531 Vulnerability (CVE-2013-1531)

MySQL Resource Management Errors Vulnerability (CVE-2010-3833)

Severity

Medium

Classification

CVE-2009-2608 CWE-138

Tags

Missing Update Known Vulnerabilities