4 matches found
CVE-2008-1847
CVE-2008-1847 is a SQL injection vulnerability in CoronaMatrix phpAddressBook 2.11, specifically in view.php where the id parameter can be exploited remotely to execute arbitrary SQL commands. This vulnerability is evidenced across multiple sources (NVD entry, CVE list, PRIO/CVELIST) with a CVSSv...
CVE-2008-6646
CVE-2008-6646 affects CoronaMatrix phpAddressBook 2.0, where index.php processes the username parameter. The vulnerability is a cross-site scripting (XSS) flaw caused by inadequate sanitization of user input, enabling remote attackers to inject arbitrary script/HTML in victims’ browsers. Exploita...
CVE-2008-1492
CVE-2008-1492 affects CoronaMatrix phpAddressBook 2.11 (and noted vector in 2.0). The issue is directory traversal via a ".." in the skin parameter, exploitable in index.php and install.php to include and execute arbitrary local files. This enables remote attackers to access local files and poten...
CVE-2008-7145
CVE-2008-7145 describes multiple SQL injection vulnerabilities in index.php of CoronaMatrix phpAddressBook 2.0, allowing remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters. The root cause is listed as SQL injection in the affected PHP file. Affected software...