Lucene search
K
ChatelaoPhp Address Book

8 matches found

CVE
CVE
added 2013/04/09 1:0 a.m.59 views

CVE-2013-0135

CVE-2013-0135 describes multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 that allow remote attackers to execute arbitrary SQL commands via a long list of parameters to various scripts (e.g., addressbook/register/delete_user.php, edit_user.php, edit_user_save.php, reset_password.ph...

7.5CVSS8.8AI score0.02978EPSS
Web
CVE
CVE
added 2012/05/21 6:0 p.m.57 views

CVE-2012-2903

PHP Address Book 7.0 and earlier is affected by multiple XSS vulnerabilities. The issues allow remote attackers to inject arbitrary script/HTML via (1) PATH_INFO to group.php, and (2) target_language or (3) target_flag to translate.php. Affected software: PHP Address Book. Root cause: input vecto...

4.3CVSS5.9AI score0.01805EPSS
CVE
CVE
added 2009/07/27 6:0 p.m.50 views

CVE-2009-2608

CVE-2009-2608 affects PHP Address Book 4.0.x, with SQL injection vulnerabilities exploitable via (1) the id parameter to delete.php and (2) the alphabet parameter to index.php. The root cause is improper input handling in these endpoints, enabling arbitrary SQL execution by an attacker. The descr...

6.8CVSS8.4AI score0.00913EPSS
CVE
CVE
added 2013/04/18 10:0 a.m.46 views

CVE-2013-1749

CVE-2013-1749: A cross-site scripting (XSS) flaw is present in edit.php of PHP Address Book 8.2.5, allowing user-assisted remote attackers to inject arbitrary script or HTML via the Address field. The issue is tied to how input in the Address field is handled, enabling script injection in context...

4.3CVSS5.9AI score0.00966EPSS
CVE
CVE
added 2013/04/09 1:0 a.m.46 views

CVE-2013-2778

The CVE-2013-2778 entry describes a CSRF vulnerability in PHP Address Book 8.2.5, specifically in addressbook/register/delete_user.php, that allows remote attackers to hijack administrator authentication to delete accounts. This is distinct from CVE-2013-0135. Available connected documents (e.g.,...

7.5CVSS7.2AI score0.00631EPSS
CVE
CVE
added 2012/09/09 9:0 p.m.44 views

CVE-2012-1912

Technical details about CVE-2012-1912 are not publicly available in the provided connected documents. Monitor for updates.

4.3CVSS5.9AI score0.02398EPSS
CVE
CVE
added 2013/04/18 10:0 a.m.43 views

CVE-2013-1748

CVE-2013-1748 corresponds to multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 . The issues allow remote attackers to execute arbitrary SQL commands through unspecified parameters to edit.php and import.php ; the description notes that the view.php and edit.php vectors are already ...

7.5CVSS8.6AI score0.01024EPSS
CVE
CVE
added 2012/09/09 9:0 p.m.42 views

CVE-2012-1911

CVE-2012-1911 affects PHP Address Book 6.2.12 and earlier. It allows remote attackers to execute arbitrary SQL commands via (1) the to_group parameter to group.php or (2) the id parameter to vcard.php; the edit.php vector is covered by CVE-2008-2565. This is a concrete vulnerability with specifie...

7.5CVSS8.6AI score0.0123EPSS