Search criteria
6 vulnerabilities found for php-address_book by php-address_book
FKIE_CVE-2008-2566
Vulnerability from fkie_nvd - Published: 2008-06-06 18:32 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| php-address_book | php-address_book | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC537BA2-A3BA-46A8-98C9-363817064F0C",
"versionEndIncluding": "3.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en PHP Address Book 3.1.5 y anteriores. Permite a atacantes remotos inyectar secuencias de comandos web de su elecci\u00f3n a trav\u00e9s del par\u00e1metro group a (1) index.php o la (2) URI por defecto."
}
],
"id": "CVE-2008-2566",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-06-06T18:32:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30540"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42856"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99624"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5739"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-2565
Vulnerability from fkie_nvd - Published: 2008-06-06 18:32 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFDADFC-193B-463B-942D-F6863AD73211",
"versionEndIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4EC51D21-A5A5-443B-B2F9-293F1C402CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24570B05-955E-4304-AB7D-4A7FB5BC8626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3367D1-78D8-4A2C-A841-6BC11ECFE872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "830CA43A-E3DE-4084-9A1A-302002871F1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3816C93-4BC9-49E5-B8FF-2132955B2EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6C5ADB-D36E-4C5B-96E7-1039565C590B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ACCFD670-EA54-4C06-B6F1-CD1F0605CA86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3236E66F-FA39-43BD-8BAB-911E732E3C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7F0AB28E-3801-407B-AB24-7541CE77FF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56C246C0-4870-4CA8-979C-618D5A3E09B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "464682B9-DEFB-48A4-B991-D9EB95D7B8F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA1F770-4A4A-4B45-819A-03072084EAC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F63047E-144C-4FA7-A38C-39096840DC61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E9161AF9-BCB8-4CC4-9322-AEB076E67553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE43EBA3-6067-46B8-A508-54F359CC98A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "963B094C-4BF7-426B-BBD0-EBDA2C17A086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "50E9922B-A95B-4CE9-B0F8-529BA2CD4057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "98AE2D6D-F8A3-4056-8039-0F51B6FF5DB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "96914364-02D5-4ACF-91D6-2B476682CF90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "320D33D1-82E3-4D14-B70F-BC4DD59B13F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "582DAE00-4F47-432C-8B51-A43F742029C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8367E82F-57BC-4BF4-A92A-D5E15FBAA7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C988DFC5-903D-47C9-962A-BD7D40ACA798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BB86312B-0BC4-4C92-82BC-1B548808F39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CC0410C5-FC80-4BE2-9A01-FA7394647BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "98703992-C562-4CA8-B202-EBFE2BB05793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BBE7EBFD-8591-489E-9FC4-4EFE206008AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:php-address_book:php-address_book:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "880D8F5E-A9E1-4506-B695-3E979E13E196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en PHP Address Book 3.1.5 y en versiones anteriores permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro id en (1) view.php y (2) edit.php. NOTA: m\u00e1s tarde se inform\u00f3 que tambi\u00e9n se ve afectada la versi\u00f3n 4.0.x."
}
],
"id": "CVE-2008-2565",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-06T18:32:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30540"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35590"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35511"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42855"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99622"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/9023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/9023"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-2566 (GCVE-0-2008-2566)
Vulnerability from cvelistv5 – Published: 2008-06-06 18:00 – Updated: 2024-08-07 09:05
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:30.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30540"
},
{
"name": "phpaddressbook-group-xss(42856)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42856"
},
{
"name": "5739",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-grouppara-xss(99624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99624"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30540"
},
{
"name": "phpaddressbook-group-xss(42856)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42856"
},
{
"name": "5739",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-grouppara-xss(99624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99624"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30540"
},
{
"name": "phpaddressbook-group-xss(42856)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42856"
},
{
"name": "5739",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-grouppara-xss(99624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99624"
},
{
"name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2566",
"datePublished": "2008-06-06T18:00:00",
"dateReserved": "2008-06-06T00:00:00",
"dateUpdated": "2024-08-07T09:05:30.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2565 (GCVE-0-2008-2565)
Vulnerability from cvelistv5 – Published: 2008-06-06 18:00 – Updated: 2024-08-07 09:05
VLAI?
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:30.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35511",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35511"
},
{
"name": "35590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35590"
},
{
"name": "30540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30540"
},
{
"name": "5739",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-view-edit-sql-injection(42855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42855"
},
{
"name": "phpaddressbook-viewphp-sql-injection(99622)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99622"
},
{
"name": "9023",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/9023"
},
{
"name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35511",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35511"
},
{
"name": "35590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35590"
},
{
"name": "30540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30540"
},
{
"name": "5739",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-view-edit-sql-injection(42855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42855"
},
{
"name": "phpaddressbook-viewphp-sql-injection(99622)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99622"
},
{
"name": "9023",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/9023"
},
{
"name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35511"
},
{
"name": "35590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35590"
},
{
"name": "30540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30540"
},
{
"name": "5739",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-view-edit-sql-injection(42855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42855"
},
{
"name": "phpaddressbook-viewphp-sql-injection(99622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99622"
},
{
"name": "9023",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/9023"
},
{
"name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2565",
"datePublished": "2008-06-06T18:00:00",
"dateReserved": "2008-06-06T00:00:00",
"dateUpdated": "2024-08-07T09:05:30.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2566 (GCVE-0-2008-2566)
Vulnerability from nvd – Published: 2008-06-06 18:00 – Updated: 2024-08-07 09:05
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:30.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30540"
},
{
"name": "phpaddressbook-group-xss(42856)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42856"
},
{
"name": "5739",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-grouppara-xss(99624)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99624"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30540"
},
{
"name": "phpaddressbook-group-xss(42856)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42856"
},
{
"name": "5739",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-grouppara-xss(99624)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99624"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30540"
},
{
"name": "phpaddressbook-group-xss(42856)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42856"
},
{
"name": "5739",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-grouppara-xss(99624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99624"
},
{
"name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2566",
"datePublished": "2008-06-06T18:00:00",
"dateReserved": "2008-06-06T00:00:00",
"dateUpdated": "2024-08-07T09:05:30.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2565 (GCVE-0-2008-2565)
Vulnerability from nvd – Published: 2008-06-06 18:00 – Updated: 2024-08-07 09:05
VLAI?
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:30.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35511",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35511"
},
{
"name": "35590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35590"
},
{
"name": "30540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30540"
},
{
"name": "5739",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-view-edit-sql-injection(42855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42855"
},
{
"name": "phpaddressbook-viewphp-sql-injection(99622)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99622"
},
{
"name": "9023",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/9023"
},
{
"name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35511",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35511"
},
{
"name": "35590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35590"
},
{
"name": "30540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30540"
},
{
"name": "5739",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-view-edit-sql-injection(42855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42855"
},
{
"name": "phpaddressbook-viewphp-sql-injection(99622)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99622"
},
{
"name": "9023",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/9023"
},
{
"name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35511"
},
{
"name": "35590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35590"
},
{
"name": "30540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30540"
},
{
"name": "5739",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-view-edit-sql-injection(42855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42855"
},
{
"name": "phpaddressbook-viewphp-sql-injection(99622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99622"
},
{
"name": "9023",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/9023"
},
{
"name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2565",
"datePublished": "2008-06-06T18:00:00",
"dateReserved": "2008-06-06T00:00:00",
"dateUpdated": "2024-08-07T09:05:30.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}