Sql injection

2012-09-0921:55:00

PRIOn knowledge base

www.prio-n.com

9 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.5%

JSON

Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.

CPENameOperatorVersion
php_address_bookeq5.3
php_address_bookeq6.1.4
php_address_bookeq6.2.2
php_address_bookeq3.1
php_address_bookeq3.3.18
php_address_bookeq3.2.12
php_address_bookeq3.3.10
php_address_bookeq3.4.8
php_address_bookeq3.3.12
php_address_bookeq3.1.1

Name	Operator	Version
php_address_book	eq	5.3
php_address_book	eq	6.1.4
php_address_book	eq	6.2.2
php_address_book	eq	3.1
php_address_book	eq	3.3.18
php_address_book	eq	3.2.12
php_address_book	eq	3.3.10
php_address_book	eq	3.4.8
php_address_book	eq	3.3.12
php_address_book	eq	3.1.1

Rows per page:

1-10 of 1051

References

sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929

sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929

www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt

www.securityfocus.com/bid/52396

exchange.xforce.ibmcloud.com/vulnerabilities/73943

www.exploit-db.com/exploits/18578