Описание
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-2565
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42855
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99622
- https://www.exploit-db.com/exploits/5739
- https://www.exploit-db.com/exploits/9023
- http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html
- http://secunia.com/advisories/30540
- http://secunia.com/advisories/35590
- http://www.securityfocus.com/archive/1/504595/100/0/threaded
- http://www.securityfocus.com/bid/35511
Связанные уязвимости
nvd
больше 17 лет назад
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.