SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter.