8 matches found
CVE-2013-0135
CVE-2013-0135 describes multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 that allow remote attackers to execute arbitrary SQL commands via a long list of parameters to various scripts (e.g., addressbook/register/delete_user.php, edit_user.php, edit_user_save.php, reset_password.ph...
CVE-2012-2903
PHP Address Book 7.0 and earlier is affected by multiple XSS vulnerabilities. The issues allow remote attackers to inject arbitrary script/HTML via (1) PATH_INFO to group.php, and (2) target_language or (3) target_flag to translate.php. Affected software: PHP Address Book. Root cause: input vecto...
CVE-2009-2608
CVE-2009-2608 affects PHP Address Book 4.0.x, with SQL injection vulnerabilities exploitable via (1) the id parameter to delete.php and (2) the alphabet parameter to index.php. The root cause is improper input handling in these endpoints, enabling arbitrary SQL execution by an attacker. The descr...
CVE-2013-1749
CVE-2013-1749: A cross-site scripting (XSS) flaw is present in edit.php of PHP Address Book 8.2.5, allowing user-assisted remote attackers to inject arbitrary script or HTML via the Address field. The issue is tied to how input in the Address field is handled, enabling script injection in context...
CVE-2013-2778
The CVE-2013-2778 entry describes a CSRF vulnerability in PHP Address Book 8.2.5, specifically in addressbook/register/delete_user.php, that allows remote attackers to hijack administrator authentication to delete accounts. This is distinct from CVE-2013-0135. Available connected documents (e.g.,...
CVE-2012-1912
Technical details about CVE-2012-1912 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2013-1748
CVE-2013-1748 corresponds to multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 . The issues allow remote attackers to execute arbitrary SQL commands through unspecified parameters to edit.php and import.php ; the description notes that the view.php and edit.php vectors are already ...
CVE-2012-1911
CVE-2012-1911 affects PHP Address Book 6.2.12 and earlier. It allows remote attackers to execute arbitrary SQL commands via (1) the to_group parameter to group.php or (2) the id parameter to vcard.php; the edit.php vector is covered by CVE-2008-2565. This is a concrete vulnerability with specifie...