24 vulnerabilities found for php_address_book by chatelao
FKIE_CVE-2013-1749
Vulnerability from fkie_nvd - Published: 2013-04-18 11:33 - Updated: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| chatelao | php_address_book | 8.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:8.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4786C248-3132-4D88-99C5-D8B19E37A322",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en edit.php en PHP Address Book 8.2.5 permite a atacantes remotos asistidos por el usuario inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del campo \"Address\"."
}
],
"id": "CVE-2013-1749",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-04-18T11:33:02.367",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-1748
Vulnerability from fkie_nvd - Published: 2013-04-18 11:33 - Updated: 2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| chatelao | php_address_book | 8.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:8.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4786C248-3132-4D88-99C5-D8B19E37A322",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en PHP Address Book 8.2.5, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de par\u00e1metros no especificados a (1) edit.php o (2) import.php. NOTA:el identificador del vector view.php est\u00e1 recogido actualmente por el CVE-2008-2565.1 y el identificador de edit.php lo recoge el CVE-2008-2565.2."
}
],
"id": "CVE-2013-1748",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-18T11:33:02.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0135
Vulnerability from fkie_nvd - Published: 2013-04-09 03:34 - Updated: 2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| chatelao | php_address_book | 8.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:8.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4786C248-3132-4D88-99C5-D8B19E37A322",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en PHP Address Book v8.2.5 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro id en (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, o (3) addressbook/register/edit_user_save.php; el par\u00e1metro email en (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, o (7) addressbook/register/user_add_save.php; el par\u00e1metro username en (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; los par\u00e1metros (10) lastname, (11) firstname, (12) phone, (13) permissions, o (14) notes en addressbook/register/edit_user_save.php; el par\u00e1metro (15) q en addressbook/register/admin_index.php; el par\u00e1metro (16) site en addressbook/register/linktick.php; el par\u00e1metro (17) password en addressbook/register/reset_password.php; el par\u00e1metro (18) password_hint en addressbook/register/reset_password_save.php; el par\u00e1metro (19) var en addressbook/register/traffic.php; o la cookie (20) BasicLogin en addressbook/register/router.php"
}
],
"id": "CVE-2013-0135",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-09T03:34:53.650",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/183692"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/183692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2778
Vulnerability from fkie_nvd - Published: 2013-04-09 03:34 - Updated: 2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| chatelao | php_address_book | 8.2.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:8.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4786C248-3132-4D88-99C5-D8B19E37A322",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en addressbook/register/delete_user.php en PHP Address Book v8.2.5 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores en las peticiones de eliminaci\u00f3n de cuentas, una vulnerabilidad diferente a CVE-2013-0135.1."
}
],
"id": "CVE-2013-2778",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-09T03:34:53.680",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-1911
Vulnerability from fkie_nvd - Published: 2012-09-09 21:55 - Updated: 2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
References
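Impacted products
Note: the CPE match list in the record below ends at version 6.2.11 (versionEndIncluding), while the summary states 6.2.12 and earlier. Inventory matching based only on the CPE data will not flag 6.2.12, so compare installed versions against the summary as well.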
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FDFC724-EAF8-46BC-A403-414D72F447B7",
"versionEndIncluding": "6.2.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9FF0E35-2CE9-4913-9972-06A1CC9ED7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0638A8E0-D5AE-4CE8-A231-189AB5C37760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0ECE8F-2CA0-4A96-829F-CC44E6A23F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705B32EE-8B6F-4E52-BDDD-3E29C8C12DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B552C348-EA14-441B-965D-BFBCF3C659B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1CC353-0194-4223-9AE9-9F1A0366CA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "957DEF49-95C3-47A3-87CC-F96244EB02CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE4907C-EEAE-467B-B4D8-815D74BC967C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DA8E52-EBC4-467A-9828-7C4FF5DB2F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA81584D-0146-4671-8AA4-826B0679E814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB40E9BC-AA89-4BD1-9D0F-B4683594D41E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "713BAF0E-F052-4EBD-B96F-617BDF502C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "00B8BE5A-0515-47CB-B9CA-99DD1084931E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2650C2-DC43-4200-A549-72FDD5D0B2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6240EDAA-3A91-4C60-84EA-A707DB15A704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE9BCD9-2FAB-4C5E-84AF-06A018CBCECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D14A98C-11E4-4BDC-ADCC-92AFFEEF7D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5934027A-D791-40B2-A6C7-CC48ACC93902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55D4AE6B-BF07-42F9-855C-C515DF53DE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E693058-2317-45AA-9EDA-E172481D0F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90AEA533-75C0-405B-9B9C-5112EF915046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C15CD197-7DAD-4167-A09C-8CC624D2C193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32346086-559E-4F3A-89CD-80E2008ADD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5693BA39-D016-4638-B02B-D850DDE70CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "911C62F2-1A01-478D-84C9-025B355D2DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3A745F5E-80AC-4684-BD75-7971AB59C463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE0883E-2BE6-4DF6-BD79-FF06252C5999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4B8CE468-BFB1-479F-80A5-CBE64AFBB450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3495E90E-B6A8-40D3-BAA9-300000C96E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31F79981-2AD9-48B2-93AB-CFC4DD2EA509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "795AB655-C201-43B1-8EAE-3E6DBD4F46BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7637C9-BA44-4FB3-868E-7DB92820443F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC57C1-10E2-4D07-814C-C4AA12F261FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6AF78B-7394-4DDB-BA29-151776501A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86397AC1-216C-4373-934C-6AA4F21B9646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A9840DDB-EE33-4D1A-8492-5F3AFF2CD049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E47917-CFF0-4B09-ACE5-DFC58E05E5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CBAE35A0-C598-485A-A096-2854A05642F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "051D749E-2F22-4297-ADF0-0706A80690DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "09C820E7-02FC-4A92-A4C4-0E2EF0AE0AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8F213E2B-A69D-4774-9C28-3F658716DABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C1245A-52B7-47A7-A821-028488F08FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "52BA93B1-0EA4-40F9-ABAC-22A77ED53575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5578C089-84AE-49C7-887A-4ECAF40C036D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3E6E13B5-F795-4ACB-91B6-E9BE2CC07329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "67DBC8D6-430E-4052-AE60-28370A0FB22D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FAE015-21BC-4BD3-95DF-BA32A2A0E014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F041863D-17BB-4927-AEE4-02D00FC27B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB546BC-9A90-4E1C-A3CC-270FBE1C28BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DECE508D-0E94-4650-854B-BE69ADE25CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5C2FE-8992-446B-BAD9-60AF7C2FB657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B28FEED4-E6AE-4B54-AC39-88633509D33D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "379EE48E-8F64-494A-887F-47F45F7756DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F906499A-9AE1-49B8-A96D-0E4866ADC877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9805B1F8-D618-4BE0-8B9F-B837332624B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDAFB40-DCE2-4B22-A9B4-8E74C046E87F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48A3137A-3FA2-4135-A3B9-E6432FE4EE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "697E4786-1656-481E-AEDF-DFFB838A7ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9E243D-EE1F-4476-B1E8-EE56EAC3691E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC7295A-8B07-4DB7-BA31-CC8924C2F136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B55DB92-22A0-461C-8C82-2F1A3C5D855E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42B80912-2590-41E4-9F02-94F830E5829C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4A53AB-E2BA-45DC-9C33-C9F88AFE9405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B57B554-7966-4861-8205-263F0B95B4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEE7B03-7BDA-4704-8B24-965288050FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11CA518D-0304-445E-A72B-30EC351FBA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "6AE10944-ED44-4726-94C1-54A5D1AE1235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9458A499-0B83-4656-8154-401062F3CBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7150ABE-D8DC-45AD-A55F-9ACDB7695F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F53A7-5ED8-4C67-A683-4609BA3E7101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F0241F-D7CF-4990-9FF0-180D41EF7E4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5508935A-83E2-4F30-9CFB-10FBA170584D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "72AF4463-AC87-4B6E-AEFE-B29E7BA0939D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2956FC93-485F-4D93-BAE0-D8D969F8652E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1561EF56-36C2-4214-95EF-5A7E6C466A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3901C534-8162-4B69-A698-1C74C8953D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23EF6361-1C64-4575-9824-874E4E73BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "84FB1978-00E7-4E0A-8D14-9ECDD2B68E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD81D7CD-754A-4B16-B02D-F7BFF4717EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C306D7B1-7005-456B-929B-59609A5D4AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE982167-CE2B-47EA-B479-FF616972967B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AB8F31-0E68-43FE-8001-B1C7E0D639BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "631D327F-C853-4E14-BA57-00D25BD21931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7F9260-68C7-4882-8471-8104D4669234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA1C7F75-098F-4B5F-90FB-0DB6397C6563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E400BB-CC69-4545-9C50-30AC0644356C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "655454C1-7AF4-4B30-897C-63AB394C7FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4DD7AA-3CBC-402F-AAFD-3D865591A2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23B3D29F-31C5-442B-B22D-19506EEA8DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DAB49E0-5D06-43BD-8258-4FD913DA9C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91BC2939-05E1-4F5A-A9BC-25F732A9649B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "392FF7B6-06A8-41CC-8704-2E0355850663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "939D5ED3-81A9-4896-84D1-21705798BAD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "19A07ED0-814A-44B5-B540-361FE802DB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C739837C-9F03-4D89-921D-97EAAC0918FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B4BDC6A-AD2C-45B2-BD7B-A6A6F51D8695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "72084B7E-1937-4E43-8F61-5CE44F3F8AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "053FD703-D407-403E-B5C0-61DDA99BB722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "72B238F1-703F-425C-AA74-570595D78BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B9C746-086D-454B-8FA3-F75435FC5325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "32DFF878-DE06-41B4-8D46-D036750A7E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "065148E1-2E02-46A1-A71F-25A4E946A366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BC22B0AA-2A19-4A93-8D04-74D3905BBC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6835958E-1E7B-4B1E-BB44-FC2A126800E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en PHP Address Book v6.2.12 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) to_group a group.php o (2) id a vcard.php. NOTA: el vector edit.php ya est\u00e1 cubierto por CVE-2008-2565."
}
],
"id": "CVE-2012-1911",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-09T21:55:06.650",
"references": [
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/52396"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/52396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-1912
Vulnerability from fkie_nvd - Published: 2012-09-09 21:55 - Updated: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81E0E6C1-11E6-45CD-9DFD-E7363264FAC2",
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9FF0E35-2CE9-4913-9972-06A1CC9ED7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0638A8E0-D5AE-4CE8-A231-189AB5C37760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0ECE8F-2CA0-4A96-829F-CC44E6A23F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705B32EE-8B6F-4E52-BDDD-3E29C8C12DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B552C348-EA14-441B-965D-BFBCF3C659B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1CC353-0194-4223-9AE9-9F1A0366CA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "957DEF49-95C3-47A3-87CC-F96244EB02CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE4907C-EEAE-467B-B4D8-815D74BC967C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DA8E52-EBC4-467A-9828-7C4FF5DB2F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA81584D-0146-4671-8AA4-826B0679E814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB40E9BC-AA89-4BD1-9D0F-B4683594D41E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "713BAF0E-F052-4EBD-B96F-617BDF502C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "00B8BE5A-0515-47CB-B9CA-99DD1084931E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2650C2-DC43-4200-A549-72FDD5D0B2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6240EDAA-3A91-4C60-84EA-A707DB15A704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE9BCD9-2FAB-4C5E-84AF-06A018CBCECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D14A98C-11E4-4BDC-ADCC-92AFFEEF7D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5934027A-D791-40B2-A6C7-CC48ACC93902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55D4AE6B-BF07-42F9-855C-C515DF53DE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E693058-2317-45AA-9EDA-E172481D0F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90AEA533-75C0-405B-9B9C-5112EF915046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C15CD197-7DAD-4167-A09C-8CC624D2C193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32346086-559E-4F3A-89CD-80E2008ADD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5693BA39-D016-4638-B02B-D850DDE70CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "911C62F2-1A01-478D-84C9-025B355D2DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3A745F5E-80AC-4684-BD75-7971AB59C463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE0883E-2BE6-4DF6-BD79-FF06252C5999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4B8CE468-BFB1-479F-80A5-CBE64AFBB450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3495E90E-B6A8-40D3-BAA9-300000C96E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31F79981-2AD9-48B2-93AB-CFC4DD2EA509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "795AB655-C201-43B1-8EAE-3E6DBD4F46BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7637C9-BA44-4FB3-868E-7DB92820443F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC57C1-10E2-4D07-814C-C4AA12F261FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6AF78B-7394-4DDB-BA29-151776501A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86397AC1-216C-4373-934C-6AA4F21B9646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A9840DDB-EE33-4D1A-8492-5F3AFF2CD049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E47917-CFF0-4B09-ACE5-DFC58E05E5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CBAE35A0-C598-485A-A096-2854A05642F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "051D749E-2F22-4297-ADF0-0706A80690DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "09C820E7-02FC-4A92-A4C4-0E2EF0AE0AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8F213E2B-A69D-4774-9C28-3F658716DABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C1245A-52B7-47A7-A821-028488F08FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "52BA93B1-0EA4-40F9-ABAC-22A77ED53575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5578C089-84AE-49C7-887A-4ECAF40C036D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3E6E13B5-F795-4ACB-91B6-E9BE2CC07329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "67DBC8D6-430E-4052-AE60-28370A0FB22D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FAE015-21BC-4BD3-95DF-BA32A2A0E014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F041863D-17BB-4927-AEE4-02D00FC27B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB546BC-9A90-4E1C-A3CC-270FBE1C28BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DECE508D-0E94-4650-854B-BE69ADE25CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5C2FE-8992-446B-BAD9-60AF7C2FB657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B28FEED4-E6AE-4B54-AC39-88633509D33D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "379EE48E-8F64-494A-887F-47F45F7756DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F906499A-9AE1-49B8-A96D-0E4866ADC877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9805B1F8-D618-4BE0-8B9F-B837332624B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDAFB40-DCE2-4B22-A9B4-8E74C046E87F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48A3137A-3FA2-4135-A3B9-E6432FE4EE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "697E4786-1656-481E-AEDF-DFFB838A7ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9E243D-EE1F-4476-B1E8-EE56EAC3691E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC7295A-8B07-4DB7-BA31-CC8924C2F136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B55DB92-22A0-461C-8C82-2F1A3C5D855E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42B80912-2590-41E4-9F02-94F830E5829C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4A53AB-E2BA-45DC-9C33-C9F88AFE9405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B57B554-7966-4861-8205-263F0B95B4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEE7B03-7BDA-4704-8B24-965288050FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11CA518D-0304-445E-A72B-30EC351FBA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "6AE10944-ED44-4726-94C1-54A5D1AE1235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9458A499-0B83-4656-8154-401062F3CBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7150ABE-D8DC-45AD-A55F-9ACDB7695F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F53A7-5ED8-4C67-A683-4609BA3E7101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F0241F-D7CF-4990-9FF0-180D41EF7E4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5508935A-83E2-4F30-9CFB-10FBA170584D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "72AF4463-AC87-4B6E-AEFE-B29E7BA0939D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2956FC93-485F-4D93-BAE0-D8D969F8652E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1561EF56-36C2-4214-95EF-5A7E6C466A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3901C534-8162-4B69-A698-1C74C8953D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23EF6361-1C64-4575-9824-874E4E73BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "84FB1978-00E7-4E0A-8D14-9ECDD2B68E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD81D7CD-754A-4B16-B02D-F7BFF4717EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C306D7B1-7005-456B-929B-59609A5D4AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE982167-CE2B-47EA-B479-FF616972967B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AB8F31-0E68-43FE-8001-B1C7E0D639BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "631D327F-C853-4E14-BA57-00D25BD21931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7F9260-68C7-4882-8471-8104D4669234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA1C7F75-098F-4B5F-90FB-0DB6397C6563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E400BB-CC69-4545-9C50-30AC0644356C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "655454C1-7AF4-4B30-897C-63AB394C7FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4DD7AA-3CBC-402F-AAFD-3D865591A2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23B3D29F-31C5-442B-B22D-19506EEA8DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DAB49E0-5D06-43BD-8258-4FD913DA9C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91BC2939-05E1-4F5A-A9BC-25F732A9649B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "392FF7B6-06A8-41CC-8704-2E0355850663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "939D5ED3-81A9-4896-84D1-21705798BAD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "19A07ED0-814A-44B5-B540-361FE802DB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C739837C-9F03-4D89-921D-97EAAC0918FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B4BDC6A-AD2C-45B2-BD7B-A6A6F51D8695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "72084B7E-1937-4E43-8F61-5CE44F3F8AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "053FD703-D407-403E-B5C0-61DDA99BB722",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "72B238F1-703F-425C-AA74-570595D78BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B9C746-086D-454B-8FA3-F75435FC5325",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "32DFF878-DE06-41B4-8D46-D036750A7E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "065148E1-2E02-46A1-A71F-25A4E946A366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BC22B0AA-2A19-4A93-8D04-74D3905BBC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6835958E-1E7B-4B1E-BB44-FC2A126800E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0FCDB-6790-4761-BF7C-E720F2AD18AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A2F0DA82-2EEA-4264-9DEF-1849D34F11D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en preferences.php en PHP Address Book v7.0 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro from. NOTA: el vector index.php ya est\u00e1 cubierto por CVE-2008-2566."
}
],
"id": "CVE-2012-1912",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-09T21:55:06.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42781"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49212"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/52396"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/53598"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/52396"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/53598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2903
Vulnerability from fkie_nvd - Published: 2012-05-21 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
References
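Impacted products
Note: the wildcard CPE entry below sets versionEndIncluding to 6.1.1, while the summary states 7.0 and earlier; when matching an inventory against this record, treat every release up to 7.0 as affected rather than relying on the CPE range alone.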
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97A3FA42-FB91-47BA-A280-51772E3D73EB",
"versionEndIncluding": "6.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9FF0E35-2CE9-4913-9972-06A1CC9ED7F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0638A8E0-D5AE-4CE8-A231-189AB5C37760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0ECE8F-2CA0-4A96-829F-CC44E6A23F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705B32EE-8B6F-4E52-BDDD-3E29C8C12DA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B552C348-EA14-441B-965D-BFBCF3C659B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1CC353-0194-4223-9AE9-9F1A0366CA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "957DEF49-95C3-47A3-87CC-F96244EB02CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE4907C-EEAE-467B-B4D8-815D74BC967C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DA8E52-EBC4-467A-9828-7C4FF5DB2F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA81584D-0146-4671-8AA4-826B0679E814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB40E9BC-AA89-4BD1-9D0F-B4683594D41E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "713BAF0E-F052-4EBD-B96F-617BDF502C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "00B8BE5A-0515-47CB-B9CA-99DD1084931E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2650C2-DC43-4200-A549-72FDD5D0B2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6240EDAA-3A91-4C60-84EA-A707DB15A704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE9BCD9-2FAB-4C5E-84AF-06A018CBCECA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9D14A98C-11E4-4BDC-ADCC-92AFFEEF7D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5934027A-D791-40B2-A6C7-CC48ACC93902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55D4AE6B-BF07-42F9-855C-C515DF53DE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E693058-2317-45AA-9EDA-E172481D0F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "90AEA533-75C0-405B-9B9C-5112EF915046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C15CD197-7DAD-4167-A09C-8CC624D2C193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32346086-559E-4F3A-89CD-80E2008ADD9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5693BA39-D016-4638-B02B-D850DDE70CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "911C62F2-1A01-478D-84C9-025B355D2DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3A745F5E-80AC-4684-BD75-7971AB59C463",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE0883E-2BE6-4DF6-BD79-FF06252C5999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4B8CE468-BFB1-479F-80A5-CBE64AFBB450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3495E90E-B6A8-40D3-BAA9-300000C96E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31F79981-2AD9-48B2-93AB-CFC4DD2EA509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "795AB655-C201-43B1-8EAE-3E6DBD4F46BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BF7637C9-BA44-4FB3-868E-7DB92820443F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC57C1-10E2-4D07-814C-C4AA12F261FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E6AF78B-7394-4DDB-BA29-151776501A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86397AC1-216C-4373-934C-6AA4F21B9646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A9840DDB-EE33-4D1A-8492-5F3AFF2CD049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E47917-CFF0-4B09-ACE5-DFC58E05E5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CBAE35A0-C598-485A-A096-2854A05642F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "051D749E-2F22-4297-ADF0-0706A80690DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "09C820E7-02FC-4A92-A4C4-0E2EF0AE0AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8F213E2B-A69D-4774-9C28-3F658716DABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C1245A-52B7-47A7-A821-028488F08FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "52BA93B1-0EA4-40F9-ABAC-22A77ED53575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5578C089-84AE-49C7-887A-4ECAF40C036D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3E6E13B5-F795-4ACB-91B6-E9BE2CC07329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "67DBC8D6-430E-4052-AE60-28370A0FB22D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FAE015-21BC-4BD3-95DF-BA32A2A0E014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F041863D-17BB-4927-AEE4-02D00FC27B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB546BC-9A90-4E1C-A3CC-270FBE1C28BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DECE508D-0E94-4650-854B-BE69ADE25CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5C2FE-8992-446B-BAD9-60AF7C2FB657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B28FEED4-E6AE-4B54-AC39-88633509D33D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "379EE48E-8F64-494A-887F-47F45F7756DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F906499A-9AE1-49B8-A96D-0E4866ADC877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9805B1F8-D618-4BE0-8B9F-B837332624B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDAFB40-DCE2-4B22-A9B4-8E74C046E87F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48A3137A-3FA2-4135-A3B9-E6432FE4EE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "697E4786-1656-481E-AEDF-DFFB838A7ABB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9E243D-EE1F-4476-B1E8-EE56EAC3691E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AFC7295A-8B07-4DB7-BA31-CC8924C2F136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6B55DB92-22A0-461C-8C82-2F1A3C5D855E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42B80912-2590-41E4-9F02-94F830E5829C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA4A53AB-E2BA-45DC-9C33-C9F88AFE9405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B57B554-7966-4861-8205-263F0B95B4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1AEE7B03-7BDA-4704-8B24-965288050FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11CA518D-0304-445E-A72B-30EC351FBA08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "6AE10944-ED44-4726-94C1-54A5D1AE1235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9458A499-0B83-4656-8154-401062F3CBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7150ABE-D8DC-45AD-A55F-9ACDB7695F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F53A7-5ED8-4C67-A683-4609BA3E7101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F0241F-D7CF-4990-9FF0-180D41EF7E4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5508935A-83E2-4F30-9CFB-10FBA170584D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "72AF4463-AC87-4B6E-AEFE-B29E7BA0939D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2956FC93-485F-4D93-BAE0-D8D969F8652E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1561EF56-36C2-4214-95EF-5A7E6C466A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3901C534-8162-4B69-A698-1C74C8953D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23EF6361-1C64-4575-9824-874E4E73BAC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "84FB1978-00E7-4E0A-8D14-9ECDD2B68E34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DD81D7CD-754A-4B16-B02D-F7BFF4717EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C306D7B1-7005-456B-929B-59609A5D4AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FE982167-CE2B-47EA-B479-FF616972967B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AB8F31-0E68-43FE-8001-B1C7E0D639BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "631D327F-C853-4E14-BA57-00D25BD21931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7F9260-68C7-4882-8471-8104D4669234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA1C7F75-098F-4B5F-90FB-0DB6397C6563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E400BB-CC69-4545-9C50-30AC0644356C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "655454C1-7AF4-4B30-897C-63AB394C7FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4DD7AA-3CBC-402F-AAFD-3D865591A2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23B3D29F-31C5-442B-B22D-19506EEA8DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DAB49E0-5D06-43BD-8258-4FD913DA9C88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en PHP Address Book 7.0 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro (1) PATH_INFO sobre group.php, o tambi\u00e9n con los par\u00e1metros (2) target_language o (3) target_flag sobre translate.php."
}
],
"id": "CVE-2012-2903",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-21T18:55:02.743",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49212"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/53598"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/53598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-2608
Vulnerability from fkie_nvd - Published: 2009-07-27 18:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| chatelao | php_address_book | 4.0.1 |
| chatelao | php_address_book | 4.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB55AC9-5FE9-4D82-96F6-55BA869DED41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chatelao:php_address_book:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "42B80912-2590-41E4-9F02-94F830E5829C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en PHP Address Book versiones 4.0.x, permiten a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del (1) par\u00e1metro id en el archivo delete.php o (2) par\u00e1metro alphabet en el archivo index.php. NOTA: los vectores edit.php y view.php ya est\u00e1n cubiertos por el CVE-2008-2565."
}
],
"id": "CVE-2009-2608",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-27T18:30:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35590"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/9023"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/9023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35511"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-1749 (GCVE-0-2013-1749)
Vulnerability from cvelistv5 – Published: 2013-04-18 10:00 – Updated: 2024-09-16 23:05
Summary
Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-18T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1749",
"datePublished": "2013-04-18T10:00:00Z",
"dateReserved": "2013-02-15T00:00:00Z",
"dateUpdated": "2024-09-16T23:05:45.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1748 (GCVE-0-2013-1748)
Vulnerability from cvelistv5 – Published: 2013-04-18 10:00 – Updated: 2024-09-17 01:51
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
},
{
"name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-18T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
},
{
"name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
},
{
"name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/04/17/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1748",
"datePublished": "2013-04-18T10:00:00Z",
"dateReserved": "2013-02-15T00:00:00Z",
"dateUpdated": "2024-09-17T01:51:54.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0135 (GCVE-0-2013-0135)
Vulnerability from cvelistv5 – Published: 2013-04-09 01:00 – Updated: 2024-08-06 14:18
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:08.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#183692",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/183692"
},
{
"name": "phpaddressbook-checklogin-auth-bypass(99623)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#183692",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/183692"
},
{
"name": "phpaddressbook-checklogin-auth-bypass(99623)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-0135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#183692",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/183692"
},
{
"name": "phpaddressbook-checklogin-auth-bypass(99623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
},
{
"name": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html",
"refsource": "MISC",
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
},
{
"name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-0135",
"datePublished": "2013-04-09T01:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:08.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2778 (GCVE-0-2013-2778)
Vulnerability from cvelistv5 – Published: 2013-04-09 01:00 – Updated: 2024-09-17 03:13
Summary
Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-09T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html",
"refsource": "MISC",
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2778",
"datePublished": "2013-04-09T01:00:00Z",
"dateReserved": "2013-04-08T00:00:00Z",
"dateUpdated": "2024-09-17T03:13:45.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1912 (GCVE-0-2012-1912)
Vulnerability from cvelistv5 – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:17
Summary
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:26.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42781",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42781"
},
{
"name": "18578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "53598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53598"
},
{
"name": "49212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49212"
},
{
"name": "52396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52396"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
},
{
"name": "phpaddressbook-multiple-xss(73944)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42781",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42781"
},
{
"name": "18578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "53598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53598"
},
{
"name": "49212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49212"
},
{
"name": "52396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52396"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
},
{
"name": "phpaddressbook-multiple-xss(73944)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42781",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42781"
},
{
"name": "18578",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "53598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53598"
},
{
"name": "49212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49212"
},
{
"name": "52396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52396"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt",
"refsource": "MISC",
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
},
{
"name": "phpaddressbook-multiple-xss(73944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"name": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html",
"refsource": "MISC",
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1912",
"datePublished": "2012-09-09T21:00:00",
"dateReserved": "2012-03-26T00:00:00",
"dateUpdated": "2024-08-06T19:17:26.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1911 (GCVE-0-2012-1911)
Vulnerability from cvelistv5 – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:17
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "phpaddressbook-multiple-sql-injection(73943)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
},
{
"name": "52396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52396"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "phpaddressbook-multiple-sql-injection(73943)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
},
{
"name": "52396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52396"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18578",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "phpaddressbook-multiple-sql-injection(73943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
},
{
"name": "52396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52396"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt",
"refsource": "MISC",
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1911",
"datePublished": "2012-09-09T21:00:00",
"dateReserved": "2012-03-26T00:00:00",
"dateUpdated": "2024-08-06T19:17:27.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2903 (GCVE-0-2012-2903)
Vulnerability from cvelistv5 – Published: 2012-05-21 18:00 – Updated: 2024-08-06 19:50
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:04.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53598"
},
{
"name": "49212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49212"
},
{
"name": "phpaddressbook-multiplescripts-xss(75703)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "53598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53598"
},
{
"name": "49212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49212"
},
{
"name": "phpaddressbook-multiplescripts-xss(75703)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53598"
},
{
"name": "49212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49212"
},
{
"name": "phpaddressbook-multiplescripts-xss(75703)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"name": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html",
"refsource": "MISC",
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2903",
"datePublished": "2012-05-21T18:00:00",
"dateReserved": "2012-05-21T00:00:00",
"dateUpdated": "2024-08-06T19:50:04.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2608 (GCVE-0-2009-2608)
Vulnerability from cvelistv5 – Published: 2009-07-27 18:00 – Updated: 2024-08-07 05:59
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35511",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35511"
},
{
"name": "35590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35590"
},
{
"name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"name": "9023",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35511",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35511"
},
{
"name": "35590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35590"
},
{
"name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"name": "9023",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35511"
},
{
"name": "35590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35590"
},
{
"name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"name": "9023",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2608",
"datePublished": "2009-07-27T18:00:00",
"dateReserved": "2009-07-27T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1749 (GCVE-0-2013-1749)
Vulnerability from nvd – Published: 2013-04-18 10:00 – Updated: 2024-09-16 23:05
Summary
Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-18T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1749",
"datePublished": "2013-04-18T10:00:00Z",
"dateReserved": "2013-02-15T00:00:00Z",
"dateUpdated": "2024-09-16T23:05:45.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1748 (GCVE-0-2013-1748)
Vulnerability from nvd – Published: 2013-04-18 10:00 – Updated: 2024-09-17 01:51
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
},
{
"name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-18T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
},
{
"name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/04/17/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
},
{
"name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/04/17/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1748",
"datePublished": "2013-04-18T10:00:00Z",
"dateReserved": "2013-02-15T00:00:00Z",
"dateUpdated": "2024-09-17T01:51:54.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0135 (GCVE-0-2013-0135)
Vulnerability from nvd – Published: 2013-04-09 01:00 – Updated: 2024-08-06 14:18
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:08.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#183692",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/183692"
},
{
"name": "phpaddressbook-checklogin-auth-bypass(99623)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#183692",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/183692"
},
{
"name": "phpaddressbook-checklogin-auth-bypass(99623)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-0135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#183692",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/183692"
},
{
"name": "phpaddressbook-checklogin-auth-bypass(99623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
},
{
"name": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html",
"refsource": "MISC",
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
},
{
"name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-0135",
"datePublished": "2013-04-09T01:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:08.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2778 (GCVE-0-2013-2778)
Vulnerability from nvd – Published: 2013-04-09 01:00 – Updated: 2024-09-17 03:13
Summary
Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-09T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html",
"refsource": "MISC",
"url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2778",
"datePublished": "2013-04-09T01:00:00Z",
"dateReserved": "2013-04-08T00:00:00Z",
"dateUpdated": "2024-09-17T03:13:45.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1912 (GCVE-0-2012-1912)
Vulnerability from nvd – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:17
Summary
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:26.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42781",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42781"
},
{
"name": "18578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "53598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53598"
},
{
"name": "49212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49212"
},
{
"name": "52396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52396"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
},
{
"name": "phpaddressbook-multiple-xss(73944)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42781",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42781"
},
{
"name": "18578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "53598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53598"
},
{
"name": "49212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49212"
},
{
"name": "52396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52396"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
},
{
"name": "phpaddressbook-multiple-xss(73944)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42781",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42781"
},
{
"name": "18578",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "53598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53598"
},
{
"name": "49212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49212"
},
{
"name": "52396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52396"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt",
"refsource": "MISC",
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
},
{
"name": "phpaddressbook-multiple-xss(73944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"name": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html",
"refsource": "MISC",
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1912",
"datePublished": "2012-09-09T21:00:00",
"dateReserved": "2012-03-26T00:00:00",
"dateUpdated": "2024-08-06T19:17:26.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1911 (GCVE-0-2012-1911)
Vulnerability from nvd – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:17
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "phpaddressbook-multiple-sql-injection(73943)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
},
{
"name": "52396",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52396"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18578",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "phpaddressbook-multiple-sql-injection(73943)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
},
{
"name": "52396",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52396"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18578",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "phpaddressbook-multiple-sql-injection(73943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
},
{
"name": "52396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52396"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
},
{
"name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt",
"refsource": "MISC",
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1911",
"datePublished": "2012-09-09T21:00:00",
"dateReserved": "2012-03-26T00:00:00",
"dateUpdated": "2024-08-06T19:17:27.029Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2903 (GCVE-0-2012-2903)
Vulnerability from nvd – Published: 2012-05-21 18:00 – Updated: 2024-08-06 19:50
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:04.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53598"
},
{
"name": "49212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49212"
},
{
"name": "phpaddressbook-multiplescripts-xss(75703)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "53598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53598"
},
{
"name": "49212",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49212"
},
{
"name": "phpaddressbook-multiplescripts-xss(75703)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53598"
},
{
"name": "49212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49212"
},
{
"name": "phpaddressbook-multiplescripts-xss(75703)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
},
{
"name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
},
{
"name": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html",
"refsource": "MISC",
"url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2903",
"datePublished": "2012-05-21T18:00:00",
"dateReserved": "2012-05-21T00:00:00",
"dateUpdated": "2024-08-06T19:50:04.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2608 (GCVE-0-2009-2608)
Vulnerability from nvd – Published: 2009-07-27 18:00 – Updated: 2024-08-07 05:59
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35511",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35511"
},
{
"name": "35590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35590"
},
{
"name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"name": "9023",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35511",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35511"
},
{
"name": "35590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35590"
},
{
"name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"name": "9023",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35511"
},
{
"name": "35590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35590"
},
{
"name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
},
{
"name": "9023",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2608",
"datePublished": "2009-07-27T18:00:00",
"dateReserved": "2009-07-27T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}