Search criteria
4 vulnerabilities by coronamatrix
CVE-2008-7145 (GCVE-0-2008-7145)
Vulnerability from cvelistv5 – Published: 2009-09-01 16:00 – Updated: 2024-08-07 11:56
VLAI
Summary
Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/28456 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/490097/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/51050 | vdb-entryx_refsource_OSVDB |
Date Public
2008-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:56:14.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28456",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28456"
},
{
"name": "20080326 php-addressbook v2.0 SQL Injection Vulnerbility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490097/100/0/threaded"
},
{
"name": "51050",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28456",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28456"
},
{
"name": "20080326 php-addressbook v2.0 SQL Injection Vulnerbility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490097/100/0/threaded"
},
{
"name": "51050",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51050"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28456"
},
{
"name": "20080326 php-addressbook v2.0 SQL Injection Vulnerbility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490097/100/0/threaded"
},
{
"name": "51050",
"refsource": "OSVDB",
"url": "http://osvdb.org/51050"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7145",
"datePublished": "2009-09-01T16:00:00.000Z",
"dateReserved": "2009-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:56:14.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6646 (GCVE-0-2008-6646)
Vulnerability from cvelistv5 – Published: 2009-04-07 10:00 – Updated: 2024-08-07 11:34
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/491525/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/29005 | vdb-entryx_refsource_BID |
Date Public
2008-05-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phpaddressbook-username-xss(42140)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42140"
},
{
"name": "20080501 php-addressbook v2.0 Multiple Remote Vulnerabilities (LFI/XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491525/100/0/threaded"
},
{
"name": "29005",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phpaddressbook-username-xss(42140)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42140"
},
{
"name": "20080501 php-addressbook v2.0 Multiple Remote Vulnerabilities (LFI/XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491525/100/0/threaded"
},
{
"name": "29005",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpaddressbook-username-xss(42140)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42140"
},
{
"name": "20080501 php-addressbook v2.0 Multiple Remote Vulnerabilities (LFI/XSS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491525/100/0/threaded"
},
{
"name": "29005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6646",
"datePublished": "2009-04-07T10:00:00.000Z",
"dateReserved": "2009-04-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:34:47.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1847 (GCVE-0-2008-1847)
Vulnerability from cvelistv5 – Published: 2008-04-16 17:00 – Updated: 2024-08-07 08:40
VLAI
Summary
SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/5432 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/28750 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-04-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5432",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5432"
},
{
"name": "28750",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28750"
},
{
"name": "phpaddressbook-index-sql-injection(41498)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5432",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5432"
},
{
"name": "28750",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28750"
},
{
"name": "phpaddressbook-index-sql-injection(41498)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41498"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5432",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5432"
},
{
"name": "28750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28750"
},
{
"name": "phpaddressbook-index-sql-injection(41498)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41498"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1847",
"datePublished": "2008-04-16T17:00:00.000Z",
"dateReserved": "2008-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:59.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1492 (GCVE-0-2008-1492)
Vulnerability from cvelistv5 – Published: 2008-03-25 19:00 – Updated: 2024-08-07 08:24
VLAI
Summary
Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php. NOTE: it was later reported that vector 1 is also present in 2.0.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/489971/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/491525/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3772 | third-party-advisoryx_refsource_SREASON |
| https://www.exploit-db.com/exploits/5288 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/29514 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/28397 | vdb-entryx_refsource_BID |
| http://0x90.com.ar/Advisory/20080321.txt | x_refsource_MISC |
Date Public
2008-03-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080322 phpAddressBook v2.11 Multiple Local File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489971/100/0/threaded"
},
{
"name": "20080501 php-addressbook v2.0 Multiple Remote Vulnerabilities (LFI/XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491525/100/0/threaded"
},
{
"name": "3772",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3772"
},
{
"name": "5288",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5288"
},
{
"name": "phpaddressbook-skin-directory-traversal(41394)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41394"
},
{
"name": "29514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29514"
},
{
"name": "28397",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28397"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://0x90.com.ar/Advisory/20080321.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php. NOTE: it was later reported that vector 1 is also present in 2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080322 phpAddressBook v2.11 Multiple Local File Inclusion Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489971/100/0/threaded"
},
{
"name": "20080501 php-addressbook v2.0 Multiple Remote Vulnerabilities (LFI/XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491525/100/0/threaded"
},
{
"name": "3772",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3772"
},
{
"name": "5288",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5288"
},
{
"name": "phpaddressbook-skin-directory-traversal(41394)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41394"
},
{
"name": "29514",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29514"
},
{
"name": "28397",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28397"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://0x90.com.ar/Advisory/20080321.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php. NOTE: it was later reported that vector 1 is also present in 2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080322 phpAddressBook v2.11 Multiple Local File Inclusion Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489971/100/0/threaded"
},
{
"name": "20080501 php-addressbook v2.0 Multiple Remote Vulnerabilities (LFI/XSS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491525/100/0/threaded"
},
{
"name": "3772",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3772"
},
{
"name": "5288",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5288"
},
{
"name": "phpaddressbook-skin-directory-traversal(41394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41394"
},
{
"name": "29514",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29514"
},
{
"name": "28397",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28397"
},
{
"name": "http://0x90.com.ar/Advisory/20080321.txt",
"refsource": "MISC",
"url": "http://0x90.com.ar/Advisory/20080321.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1492",
"datePublished": "2008-03-25T19:00:00.000Z",
"dateReserved": "2008-03-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:24:41.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}