ZephyrSoft Toolbox Address Book Continued Multiple SQL Injection Vulnerabilities

Bugtraq ID:	22685
Class:	Input Validation Error
CVE:	CVE-2007-1121
Remote:	Yes
Local:	No
Published:	Feb 23 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	The vendor reported these vulnerabilities.
Vulnerable:	Zephyr ZephyrSoft Toolbox Address Book Continued 1.01 Zephyr ZephyrSoft Toolbox Address Book Continued 1.00
Not Vulnerable:	Zephyr ZephyrSoft Toolbox Address Book Continued 1.0.2

ZephyrSoft Toolbox Address Book Continued Multiple SQL Injection Vulnerabilities

ZephyrSoft Toolbox Address Book Continued is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

ZephyrSoft Toolbox Address Book Continued versions 1.00 and 1.01 are confirmed vulnerable to these issues.

ZephyrSoft Toolbox Address Book Continued Multiple SQL Injection Vulnerabilities

Attackers can exploit these issues via a web client.

ZephyrSoft Toolbox Address Book Continued Multiple SQL Injection Vulnerabilities

Solution:
The vendor released an update to address these issues. Please see references for more information.


Zephyr ZephyrSoft Toolbox Address Book Continued 1.01

• Zephyr abc-1.02.zip
  http://downloads.sourceforge.net/zephyrsoftware/abc-1.02.zip?modtime=1 172266757&big_mirror=0

Zephyr ZephyrSoft Toolbox Address Book Continued 1.00

• Zephyr abc-1.02.zip
  http://downloads.sourceforge.net/zephyrsoftware/abc-1.02.zip?modtime=1 172266757&big_mirror=0

ZephyrSoft Toolbox Address Book Continued Multiple SQL Injection Vulnerabilities

References:

• ZephyrSoft Toolbox Address Book Continued (ZephyrSoft)
  
• ZephyrSoft Toolbox Address Book Release Notes 1.02 (ZephyrSoft)