phpABook is a simple address/contact management system using PHP and MySQL. phpABook version 0.9i is vulnerable to a SQL injection vulnerability caused by a failure to properly clean up the βauth_userβ parameter in the index.php script. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.