PHP Address Book Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities

Attackers can use a browser to exploit the SQL-injection issues. An attacker must trick a victim into following a malicious URI to exploit a cross-site scripting issue.

The following example URIs are available:[sql-injection] to&group=1&selected%5b%5d=132&to_group=[sql-injection][sql-injection]'"</script><script>alert(document.cookie)</script>'"</script><script>alert(document.cookie)</script>


Privacy Statement
Copyright 2010, SecurityFocus