Description
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
Remediation
References
Related Vulnerabilities
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10969)
Drupal Improper Input Validation Vulnerability (CVE-2007-6299)
WordPress Plugin Product Slider for WooCommerce by PickPlugins Cross-Site Scripting (1.13.41)
WordPress Plugin Twitch Player Cross-Site Scripting (2.1.0)
WordPress Plugin eHive Account Details Cross-Site Scripting (2.1.2)