Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
https://www.exploit-db.com/exploits/9023
https://www.exploit-db.com/exploits/5739
https://exchange.xforce.ibmcloud.com/vulnerabilities/99622
https://exchange.xforce.ibmcloud.com/vulnerabilities/42855
http://www.securityfocus.com/bid/35511
http://www.securityfocus.com/archive/1/504595/100/0/threaded