CVE-2006-4575

Name of the Vulnerable Software and Affected Versions The Address Book version 1.04e

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through multiple SQL injection vulnerabilities in various parameters across different PHP files, including lastname, firstname, passwordOld, passwordNew, id, language, defaultLetter, newuserPass, newuserType, newuserEmail in "user.php", goTo and search in "search.php", and groupAddName in "save.php".

Recommendations For The Address Book version 1.04e, consider disabling the execution of SQL commands from user-input parameters in the affected PHP files until a patch is available. Restrict access to the vulnerable parameters to minimize the risk of exploitation. Avoid using the specified parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.