2 matches found
CVE-2009-2608
CVE-2009-2608 affects PHP Address Book 4.0.x, with SQL injection vulnerabilities exploitable via (1) the id parameter to delete.php and (2) the alphabet parameter to index.php. The root cause is improper input handling in these endpoints, enabling arbitrary SQL execution by an attacker. The descr...
CVE-2009-2259
CVE-2009-2259 is a duplicate of CVE-2009-2608 and should reference that entry. Connected records confirm that PHP Address Book 4.0.x contains multiple SQL injection vulnerabilities exploitable via delete.php (id) or index.php (alphabet), enabling remote arbitrary SQL commands. The root cause is u...