CVE-2008-2678

Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 code parameter in a confirmdata action to edit1.php and the 2 id parameter to viewmore.php...