[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-2565

Date: (C)2008-06-06   (M)2017-10-04 


Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
http://www.securityfocus.com/archive/1/archive/1/504595/100/0/threaded
SECUNIA-30540
BID-35511
SECUNIA-35590
EXPLOIT-DB-5739
EXPLOIT-DB-9023
http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html
phpaddressbook-view-edit-sql-injection(42855)
phpaddressbook-viewphp-sql-injection(99622)

CWE    1
CWE-89

© 2013 SecPod Technologies