CVE-2013-1748

Name of the Vulnerable Software and Affected Versions PHP Address Book version 8.2.5

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting SQL injection vulnerabilities via unspecified parameters to API endpoints such as "edit.php" or "import.php".

Recommendations For PHP Address Book version 8.2.5, consider restricting access to the edit.php and import.php API endpoints until a patch is available. Avoid using unspecified parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.