Lucene search

[email protected]NVD:CVE-2012-1911

HistorySep 09, 2012 - 9:55 p.m.

CVE-2012-1911

2012-09-0921:55:06

CWE-89

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.5%

JSON

Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.

Affected configurations

NVD

Node

chatelaophp_address_bookRange≤6.2.11

chatelaophp_address_bookMatch1.0

chatelaophp_address_bookMatch1.2

chatelaophp_address_bookMatch2.0

chatelaophp_address_bookMatch2.1

chatelaophp_address_bookMatch2.1.1

chatelaophp_address_bookMatch2.2

chatelaophp_address_bookMatch2.3

chatelaophp_address_bookMatch2.4

chatelaophp_address_bookMatch2.6

chatelaophp_address_bookMatch3.0

chatelaophp_address_bookMatch3.1

chatelaophp_address_bookMatch3.1.1

chatelaophp_address_bookMatch3.1.2

chatelaophp_address_bookMatch3.1.3

chatelaophp_address_bookMatch3.1.4

chatelaophp_address_bookMatch3.1.5

chatelaophp_address_bookMatch3.1.6

chatelaophp_address_bookMatch3.2

chatelaophp_address_bookMatch3.2.1

chatelaophp_address_bookMatch3.2.2

chatelaophp_address_bookMatch3.2.3

chatelaophp_address_bookMatch3.2.4

chatelaophp_address_bookMatch3.2.5

chatelaophp_address_bookMatch3.2.6

chatelaophp_address_bookMatch3.2.7

chatelaophp_address_bookMatch3.2.8

chatelaophp_address_bookMatch3.2.9

chatelaophp_address_bookMatch3.2.10

chatelaophp_address_bookMatch3.2.11

chatelaophp_address_bookMatch3.2.12

chatelaophp_address_bookMatch3.2.13

chatelaophp_address_bookMatch3.2.14

chatelaophp_address_bookMatch3.3

chatelaophp_address_bookMatch3.3.1

chatelaophp_address_bookMatch3.3.2

chatelaophp_address_bookMatch3.3.3

chatelaophp_address_bookMatch3.3.4

chatelaophp_address_bookMatch3.3.5

chatelaophp_address_bookMatch3.3.6

chatelaophp_address_bookMatch3.3.7

chatelaophp_address_bookMatch3.3.8

chatelaophp_address_bookMatch3.3.9

chatelaophp_address_bookMatch3.3.10

chatelaophp_address_bookMatch3.3.12

chatelaophp_address_bookMatch3.3.13

chatelaophp_address_bookMatch3.3.14

chatelaophp_address_bookMatch3.3.15

chatelaophp_address_bookMatch3.3.16

chatelaophp_address_bookMatch3.3.17

chatelaophp_address_bookMatch3.3.18

chatelaophp_address_bookMatch3.4

chatelaophp_address_bookMatch3.4.1

chatelaophp_address_bookMatch3.4.2

chatelaophp_address_bookMatch3.4.3

chatelaophp_address_bookMatch3.4.4

chatelaophp_address_bookMatch3.4.5

chatelaophp_address_bookMatch3.4.6

chatelaophp_address_bookMatch3.4.7

chatelaophp_address_bookMatch3.4.8

chatelaophp_address_bookMatch3.4.9

chatelaophp_address_bookMatch4.0

chatelaophp_address_bookMatch4.0.2

chatelaophp_address_bookMatch4.1.1

chatelaophp_address_bookMatch4.1.3

chatelaophp_address_bookMatch4.1.4

chatelaophp_address_bookMatch5.0

chatelaophp_address_bookMatch5.0beta

chatelaophp_address_bookMatch5.1

chatelaophp_address_bookMatch5.2

chatelaophp_address_bookMatch5.3

chatelaophp_address_bookMatch5.4

chatelaophp_address_bookMatch5.4.1

chatelaophp_address_bookMatch5.4.2

chatelaophp_address_bookMatch5.4.3

chatelaophp_address_bookMatch5.4.4

chatelaophp_address_bookMatch5.4.5

chatelaophp_address_bookMatch5.4.6

chatelaophp_address_bookMatch5.4.7

chatelaophp_address_bookMatch5.4.9

chatelaophp_address_bookMatch5.5

chatelaophp_address_bookMatch5.6

chatelaophp_address_bookMatch5.7

chatelaophp_address_bookMatch5.7.1

chatelaophp_address_bookMatch5.7.2

chatelaophp_address_bookMatch5.7.3

chatelaophp_address_bookMatch5.7.4

chatelaophp_address_bookMatch5.7.5

chatelaophp_address_bookMatch5.8.1

chatelaophp_address_bookMatch6.0

chatelaophp_address_bookMatch6.1

chatelaophp_address_bookMatch6.1.1

chatelaophp_address_bookMatch6.1.2

chatelaophp_address_bookMatch6.1.3

chatelaophp_address_bookMatch6.1.4

chatelaophp_address_bookMatch6.2

chatelaophp_address_bookMatch6.2.1

chatelaophp_address_bookMatch6.2.2

chatelaophp_address_bookMatch6.2.3

chatelaophp_address_bookMatch6.2.4

chatelaophp_address_bookMatch6.2.5

chatelaophp_address_bookMatch6.2.6

chatelaophp_address_bookMatch6.2.7

chatelaophp_address_bookMatch6.2.9

chatelaophp_address_bookMatch6.2.10

References

sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929

sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929

www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt

www.exploit-db.com/exploits/18578

www.securityfocus.com/bid/52396

exchange.xforce.ibmcloud.com/vulnerabilities/73943

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.5%

JSON

Related for NVD:CVE-2012-1911

cvelist4 prion4 cve4 nvd3