CVE-2007-1122

Name of the Vulnerable Software and Affected Versions ZephyrSoft Toolbox Address Book Continued (ABC) versions 1.00 through 1.01

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. It is a variant of a SQL injection issue.

Recommendations For version 1.00, update to version 1.01 to resolve the issue. For version 1.01, although it fixes a variant of this issue, the provided information does not specify a fix for this particular vulnerability, so as a temporary workaround, consider restricting access to the updateRow and deleteRow functions in functions.php until a patch is available.