Vulnerabilidad en PHP Address Book (CVE-2013-0135)

Múltiples vulnerabilidades de inyección SQL en PHP Address Book v8.2.5 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, o (3) addressbook/register/edit_user_save.php; el parámetro email en (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, o (7) addressbook/register/user_add_save.php; el parámetro username en (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; los parámetros (10) lastname, (11) firstname, (12) phone, (13) permissions, o (14) notes en addressbook/register/edit_user_save.php; el parámetro (15) q en addressbook/register/admin_index.php; el parámetro (16) site en addressbook/register/linktick.php; el parámetro (17) password en addressbook/register/reset_password.php; el parámetro (18) password_hint en addressbook/register/reset_password_save.php; el parámetro (19) var en addressbook/register/traffic.php; o la cookie (20) BasicLogin en addressbook/register/router.php