CVE-2022-30352

phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "authuser" parameter in index.php script...

CVE-2022-30352

CVE-2022-30352 affects phpABook 0.9i, where the vulnerability arises from insufficient sanitization of user-supplied data in the "auth_user" parameter of index.php, leading to SQL injection. Reported impact is high-severity with potential access to/ manipulation of database data (as reflected by ...

phpAbook 0.9i - SQL Injection

Exploit Title: phpAbook 0.9i - SQL Injection Date: 2021-06-29 Vendor Homepage: http://sourceforge.net/projects/phpabook/ Exploit Author: Said Cortes, Alejandro Perez Version: v0.9i This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage...

phpAbook 0.9i SQL Injection

Exploit Title: phpAbook 0.9i - SQL Injection Date: 2021-06-29 Vendor Homepage: http://sourceforge.net/projects/phpabook/ Exploit Author: Said Cortes, Alejandro Perez Version: v0.9i This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage...

phpAbook 0.9i - SQL Injection Vulnerability

Exploit Title: phpAbook 0.9i - SQL Injection Vendor Homepage: http://sourceforge.net/projects/phpabook/ Exploit Author: Said Cortes, Alejandro Perez Version: v0.9i This was written for educational purpose. Use it at your own risk. Author will be not responsible for any damage. import requests...

CVE-2020-8510

An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en user+perms+lang, one can login as any user without a password...

CVE-2020-8510

CVE-2020-8510 affects phpABook 0.9 Intermediate. The vulnerability is a login bypass: if a userInfo cookie is set to admin+1+en (user+perms+lang), authentication occurs without a password. Documented impact ranges from Partial confidentiality/integrity/availability to a Critical/High severity per...

CVE-2020-8510

An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en user+perms+lang, one can login as any user without a password...

CVE-2020-8510

An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en user+perms+lang, one can login as any user without a password. Recent assessments: horshark at March 09, 2020 8:27pm UTC reported: CVE in SourceForge project phpABoo...

phpAbook <= 0.8.8b (COOKIE) Local File Inclusion Vulnerability

No description provided by source. phpAbook = 0.8.8b COOKIE Local File Inclusion Vulnerability url: http://sourceforge.net/projects/phpabook/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. U...

CVE-2008-4490

Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the userInfo cookie...

Directory traversal

Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the userInfo cookie...

CVE-2008-4490

CVE-2008-4490 affects phpAbook 0.8.8b and earlier, where a directory traversal vulnerability in config.inc.php exists. When magic_quotes_gpc is disabled, remote attackers can cause local file inclusion and arbitrary code execution via a .. (dot dot) sequence in the userInfo cookie. The underlying...

phpabook-lfi.txt

phpAbook ... 61: if isset$HTTPCOOKIEVARS"userInfo" && $HTTPCOOKIEVARS"userInfo" != "" $userArray = explode" ", $HTTPCOOKIEVARS"userInfo"; $userName = $userArray0; $userID = $userArray1; $userLang = $userArray2; include"include/lang/$userLang/inc.messages.php"; 67: x: INCLUDE exploit:...

phpAbook <= 0.8.8b (COOKIE) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ============================================================== phpAbook ... 61: if isset$HTTPCOOKIEVARS"userInfo" && $HTTPCOOKIEVARS"userInfo" != "" $userArray = explode" ", $HTTPCOOKIEVARS"userInfo"; $userName = $userArray0; $userID =...

phpAbook 0.8.8b - &#039;cookie&#039; Local File Inclusion

phpAbook ... 61: if isset$HTTPCOOKIEVARS"userInfo" && $HTTPCOOKIEVARS"userInfo" != "" $userArray = explode" ", $HTTPCOOKIEVARS"userInfo"; $userName = $userArray0; $userID = $userArray1; $userLang = $userArray2; include"include/lang/$userLang/inc.messages.php"; 67: x: INCLUDE exploit:...

phpAbook &lt;= 0.8.8b (COOKIE) Local File Inclusion Vulnerability

No description provided by source. phpAbook = 0.8.8b COOKIE Local File Inclusion Vulnerability url: http://sourceforge.net/projects/phpabook/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. U...

phpAbook 0.8.8b - cookie Local File Inclusion

phpAbook 0.8.8b - cookie Local File Inclusion phpAbook ... 61: if isset$HTTPCOOKIEVARS"userInfo" && $HTTPCOOKIEVARS"userInfo" != "" $userArray = explode" ", $HTTPCOOKIEVARS"userInfo"; $userName = $userArray0; $userID = $userArray1; $userLang = $userArray2;...