Multiple vulnerabilities in PHP Address Book version 8.2.5 could allow an unauthenticated, remote attacker to conduct SQL injection attacks.
The vulnerabilities are due to insufficient sanitization of user-supplied input by the affected software. An attacker could exploit these vulnerabilities by transmitting requests with crafted parameters to the affected software. An exploit could allow the attacker to view, add, modify, or delete data from the underlying application database.
Proof-of-concept code that exploits this vulnerability is publicly available.
For additional information about SQL injection attacks and defenses, see Understanding SQL Injection.
Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit these vulnerabilities.
The vendor has not confirmed these vulnerabilities, and updated software is not available.