Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-09-09 14:55
Updated : 2017-08-28 18:31
NVD link : CVE-2012-1911
Mitre link : CVE-2012-1911
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
chatelao
- php_address_book