Vulnerabilities related to chatelao - php_address_book
Vulnerability from fkie_nvd
Published
2012-09-09 21:55
Modified
2024-11-21 01:38
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
References
cve@mitre.org | http://secunia.com/advisories/42781 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/49212 | Vendor Advisory
cve@mitre.org | http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929
cve@mitre.org | http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929
cve@mitre.org | http://sourceforge.net/tracker/?func=detail&aid=3527242&group_id=157964&atid=805929
cve@mitre.org | http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt | Exploit
cve@mitre.org | http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html | Exploit
cve@mitre.org | http://www.exploit-db.com/exploits/18578 | Exploit
cve@mitre.org | http://www.securityfocus.com/bid/52396 | Exploit
cve@mitre.org | http://www.securityfocus.com/bid/53598 | Exploit
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/73944
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42781 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/49212 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/tracker/?func=detail&aid=3527242&group_id=157964&atid=805929
af854a3a-2127-422b-91ae-364da2661108 | http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/18578 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/52396 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/53598 | Exploit
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/73944
Impacted products
Vendor Product Version
chatelao php_address_book * (all versions up to and including 7.0)
chatelao php_address_book 1.0
chatelao php_address_book 1.2
chatelao php_address_book 2.0
chatelao php_address_book 2.1
chatelao php_address_book 2.1.1
chatelao php_address_book 2.2
chatelao php_address_book 2.3
chatelao php_address_book 2.4
chatelao php_address_book 2.6
chatelao php_address_book 3.0
chatelao php_address_book 3.1
chatelao php_address_book 3.1.1
chatelao php_address_book 3.1.2
chatelao php_address_book 3.1.3
chatelao php_address_book 3.1.4
chatelao php_address_book 3.1.5
chatelao php_address_book 3.1.6
chatelao php_address_book 3.2
chatelao php_address_book 3.2.1
chatelao php_address_book 3.2.2
chatelao php_address_book 3.2.3
chatelao php_address_book 3.2.4
chatelao php_address_book 3.2.5
chatelao php_address_book 3.2.6
chatelao php_address_book 3.2.7
chatelao php_address_book 3.2.8
chatelao php_address_book 3.2.9
chatelao php_address_book 3.2.10
chatelao php_address_book 3.2.11
chatelao php_address_book 3.2.12
chatelao php_address_book 3.2.13
chatelao php_address_book 3.2.14
chatelao php_address_book 3.3
chatelao php_address_book 3.3.1
chatelao php_address_book 3.3.2
chatelao php_address_book 3.3.3
chatelao php_address_book 3.3.4
chatelao php_address_book 3.3.5
chatelao php_address_book 3.3.6
chatelao php_address_book 3.3.7
chatelao php_address_book 3.3.8
chatelao php_address_book 3.3.9
chatelao php_address_book 3.3.10
chatelao php_address_book 3.3.12
chatelao php_address_book 3.3.13
chatelao php_address_book 3.3.14
chatelao php_address_book 3.3.15
chatelao php_address_book 3.3.16
chatelao php_address_book 3.3.17
chatelao php_address_book 3.3.18
chatelao php_address_book 3.4
chatelao php_address_book 3.4.1
chatelao php_address_book 3.4.2
chatelao php_address_book 3.4.3
chatelao php_address_book 3.4.4
chatelao php_address_book 3.4.5
chatelao php_address_book 3.4.6
chatelao php_address_book 3.4.7
chatelao php_address_book 3.4.8
chatelao php_address_book 3.4.9
chatelao php_address_book 4.0
chatelao php_address_book 4.0.2
chatelao php_address_book 4.1.1
chatelao php_address_book 4.1.3
chatelao php_address_book 4.1.4
chatelao php_address_book 5.0
chatelao php_address_book 5.0 (beta)
chatelao php_address_book 5.1
chatelao php_address_book 5.2
chatelao php_address_book 5.3
chatelao php_address_book 5.4
chatelao php_address_book 5.4.1
chatelao php_address_book 5.4.2
chatelao php_address_book 5.4.3
chatelao php_address_book 5.4.4
chatelao php_address_book 5.4.5
chatelao php_address_book 5.4.6
chatelao php_address_book 5.4.7
chatelao php_address_book 5.4.9
chatelao php_address_book 5.5
chatelao php_address_book 5.6
chatelao php_address_book 5.7
chatelao php_address_book 5.7.1
chatelao php_address_book 5.7.2
chatelao php_address_book 5.7.3
chatelao php_address_book 5.7.4
chatelao php_address_book 5.7.5
chatelao php_address_book 5.8.1
chatelao php_address_book 6.0
chatelao php_address_book 6.1
chatelao php_address_book 6.1.1
chatelao php_address_book 6.1.2
chatelao php_address_book 6.1.3
chatelao php_address_book 6.1.4
chatelao php_address_book 6.2
chatelao php_address_book 6.2.1
chatelao php_address_book 6.2.2
chatelao php_address_book 6.2.3
chatelao php_address_book 6.2.4
chatelao php_address_book 6.2.5
chatelao php_address_book 6.2.6
chatelao php_address_book 6.2.7
chatelao php_address_book 6.2.9
chatelao php_address_book 6.2.10
chatelao php_address_book 6.2.11
chatelao php_address_book 6.2.12



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "81E0E6C1-11E6-45CD-9DFD-E7363264FAC2",
              "versionEndIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9FF0E35-2CE9-4913-9972-06A1CC9ED7F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0638A8E0-D5AE-4CE8-A231-189AB5C37760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0ECE8F-2CA0-4A96-829F-CC44E6A23F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "705B32EE-8B6F-4E52-BDDD-3E29C8C12DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B552C348-EA14-441B-965D-BFBCF3C659B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1CC353-0194-4223-9AE9-9F1A0366CA56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "957DEF49-95C3-47A3-87CC-F96244EB02CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AE4907C-EEAE-467B-B4D8-815D74BC967C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DA8E52-EBC4-467A-9828-7C4FF5DB2F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA81584D-0146-4671-8AA4-826B0679E814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB40E9BC-AA89-4BD1-9D0F-B4683594D41E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "713BAF0E-F052-4EBD-B96F-617BDF502C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B8BE5A-0515-47CB-B9CA-99DD1084931E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA2650C2-DC43-4200-A549-72FDD5D0B2C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6240EDAA-3A91-4C60-84EA-A707DB15A704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE9BCD9-2FAB-4C5E-84AF-06A018CBCECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D14A98C-11E4-4BDC-ADCC-92AFFEEF7D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5934027A-D791-40B2-A6C7-CC48ACC93902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D4AE6B-BF07-42F9-855C-C515DF53DE38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E693058-2317-45AA-9EDA-E172481D0F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90AEA533-75C0-405B-9B9C-5112EF915046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C15CD197-7DAD-4167-A09C-8CC624D2C193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "32346086-559E-4F3A-89CD-80E2008ADD9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5693BA39-D016-4638-B02B-D850DDE70CAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "911C62F2-1A01-478D-84C9-025B355D2DF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A745F5E-80AC-4684-BD75-7971AB59C463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE0883E-2BE6-4DF6-BD79-FF06252C5999",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B8CE468-BFB1-479F-80A5-CBE64AFBB450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3495E90E-B6A8-40D3-BAA9-300000C96E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F79981-2AD9-48B2-93AB-CFC4DD2EA509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "795AB655-C201-43B1-8EAE-3E6DBD4F46BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7637C9-BA44-4FB3-868E-7DB92820443F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CC57C1-10E2-4D07-814C-C4AA12F261FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6AF78B-7394-4DDB-BA29-151776501A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86397AC1-216C-4373-934C-6AA4F21B9646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9840DDB-EE33-4D1A-8492-5F3AFF2CD049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E47917-CFF0-4B09-ACE5-DFC58E05E5CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBAE35A0-C598-485A-A096-2854A05642F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "051D749E-2F22-4297-ADF0-0706A80690DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C820E7-02FC-4A92-A4C4-0E2EF0AE0AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F213E2B-A69D-4774-9C28-3F658716DABD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0C1245A-52B7-47A7-A821-028488F08FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BA93B1-0EA4-40F9-ABAC-22A77ED53575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5578C089-84AE-49C7-887A-4ECAF40C036D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E6E13B5-F795-4ACB-91B6-E9BE2CC07329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "67DBC8D6-430E-4052-AE60-28370A0FB22D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6FAE015-21BC-4BD3-95DF-BA32A2A0E014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F041863D-17BB-4927-AEE4-02D00FC27B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB546BC-9A90-4E1C-A3CC-270FBE1C28BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "DECE508D-0E94-4650-854B-BE69ADE25CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD5C2FE-8992-446B-BAD9-60AF7C2FB657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B28FEED4-E6AE-4B54-AC39-88633509D33D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "379EE48E-8F64-494A-887F-47F45F7756DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F906499A-9AE1-49B8-A96D-0E4866ADC877",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9805B1F8-D618-4BE0-8B9F-B837332624B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDAFB40-DCE2-4B22-A9B4-8E74C046E87F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A3137A-3FA2-4135-A3B9-E6432FE4EE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "697E4786-1656-481E-AEDF-DFFB838A7ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9E243D-EE1F-4476-B1E8-EE56EAC3691E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC7295A-8B07-4DB7-BA31-CC8924C2F136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B55DB92-22A0-461C-8C82-2F1A3C5D855E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "42B80912-2590-41E4-9F02-94F830E5829C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4A53AB-E2BA-45DC-9C33-C9F88AFE9405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B57B554-7966-4861-8205-263F0B95B4B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEE7B03-7BDA-4704-8B24-965288050FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11CA518D-0304-445E-A72B-30EC351FBA08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6AE10944-ED44-4726-94C1-54A5D1AE1235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9458A499-0B83-4656-8154-401062F3CBAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7150ABE-D8DC-45AD-A55F-9ACDB7695F27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8F53A7-5ED8-4C67-A683-4609BA3E7101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F0241F-D7CF-4990-9FF0-180D41EF7E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5508935A-83E2-4F30-9CFB-10FBA170584D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "72AF4463-AC87-4B6E-AEFE-B29E7BA0939D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2956FC93-485F-4D93-BAE0-D8D969F8652E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1561EF56-36C2-4214-95EF-5A7E6C466A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3901C534-8162-4B69-A698-1C74C8953D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "23EF6361-1C64-4575-9824-874E4E73BAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "84FB1978-00E7-4E0A-8D14-9ECDD2B68E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD81D7CD-754A-4B16-B02D-F7BFF4717EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C306D7B1-7005-456B-929B-59609A5D4AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE982167-CE2B-47EA-B479-FF616972967B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AB8F31-0E68-43FE-8001-B1C7E0D639BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "631D327F-C853-4E14-BA57-00D25BD21931",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7F9260-68C7-4882-8471-8104D4669234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA1C7F75-098F-4B5F-90FB-0DB6397C6563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E400BB-CC69-4545-9C50-30AC0644356C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "655454C1-7AF4-4B30-897C-63AB394C7FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4DD7AA-3CBC-402F-AAFD-3D865591A2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "23B3D29F-31C5-442B-B22D-19506EEA8DA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DAB49E0-5D06-43BD-8258-4FD913DA9C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BC2939-05E1-4F5A-A9BC-25F732A9649B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "392FF7B6-06A8-41CC-8704-2E0355850663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "939D5ED3-81A9-4896-84D1-21705798BAD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A07ED0-814A-44B5-B540-361FE802DB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739837C-9F03-4D89-921D-97EAAC0918FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4BDC6A-AD2C-45B2-BD7B-A6A6F51D8695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "72084B7E-1937-4E43-8F61-5CE44F3F8AA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "053FD703-D407-403E-B5C0-61DDA99BB722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "72B238F1-703F-425C-AA74-570595D78BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B9C746-086D-454B-8FA3-F75435FC5325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32DFF878-DE06-41B4-8D46-D036750A7E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "065148E1-2E02-46A1-A71F-25A4E946A366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC22B0AA-2A19-4A93-8D04-74D3905BBC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6835958E-1E7B-4B1E-BB44-FC2A126800E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E0FCDB-6790-4761-BF7C-E720F2AD18AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2F0DA82-2EEA-4264-9DEF-1849D34F11D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.  NOTE: the index.php vector is already covered by CVE-2008-2566."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en preferences.php en PHP Address Book v7.0 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro from. NOTA: el vector index.php est\u00e1 cubierto por CVE-2008-2566."
    }
  ],
  "id": "CVE-2012-1912",
  "lastModified": "2024-11-21T01:38:02.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-09T21:55:06.697",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42781"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49212"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18578"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/52396"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/53598"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42781"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/52396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/53598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-05-21 18:55
Modified
2024-11-21 01:39
Severity MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
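Impacted products (the CPE match data for this record stops at version 6.1.1, while the summary states 7.0 and earlier; matching installed versions against the CPE list alone will not flag releases after 6.1.1 up to 7.0)
Vendor Product Version
chatelao php_address_book * (up to and including 6.1.1)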
chatelao php_address_book 1.0
chatelao php_address_book 1.2
chatelao php_address_book 2.0
chatelao php_address_book 2.1
chatelao php_address_book 2.1.1
chatelao php_address_book 2.2
chatelao php_address_book 2.3
chatelao php_address_book 2.4
chatelao php_address_book 2.6
chatelao php_address_book 3.0
chatelao php_address_book 3.1
chatelao php_address_book 3.1.1
chatelao php_address_book 3.1.2
chatelao php_address_book 3.1.3
chatelao php_address_book 3.1.4
chatelao php_address_book 3.1.5
chatelao php_address_book 3.1.6
chatelao php_address_book 3.2
chatelao php_address_book 3.2.1
chatelao php_address_book 3.2.2
chatelao php_address_book 3.2.3
chatelao php_address_book 3.2.4
chatelao php_address_book 3.2.5
chatelao php_address_book 3.2.6
chatelao php_address_book 3.2.7
chatelao php_address_book 3.2.8
chatelao php_address_book 3.2.9
chatelao php_address_book 3.2.10
chatelao php_address_book 3.2.11
chatelao php_address_book 3.2.12
chatelao php_address_book 3.2.13
chatelao php_address_book 3.2.14
chatelao php_address_book 3.3
chatelao php_address_book 3.3.1
chatelao php_address_book 3.3.2
chatelao php_address_book 3.3.3
chatelao php_address_book 3.3.4
chatelao php_address_book 3.3.5
chatelao php_address_book 3.3.6
chatelao php_address_book 3.3.7
chatelao php_address_book 3.3.8
chatelao php_address_book 3.3.9
chatelao php_address_book 3.3.10
chatelao php_address_book 3.3.12
chatelao php_address_book 3.3.13
chatelao php_address_book 3.3.14
chatelao php_address_book 3.3.15
chatelao php_address_book 3.3.16
chatelao php_address_book 3.3.17
chatelao php_address_book 3.3.18
chatelao php_address_book 3.4
chatelao php_address_book 3.4.1
chatelao php_address_book 3.4.2
chatelao php_address_book 3.4.3
chatelao php_address_book 3.4.4
chatelao php_address_book 3.4.5
chatelao php_address_book 3.4.6
chatelao php_address_book 3.4.7
chatelao php_address_book 3.4.8
chatelao php_address_book 3.4.9
chatelao php_address_book 4.0
chatelao php_address_book 4.0.2
chatelao php_address_book 4.1.1
chatelao php_address_book 4.1.3
chatelao php_address_book 4.1.4
chatelao php_address_book 5.0
chatelao php_address_book 5.0 beta
chatelao php_address_book 5.1
chatelao php_address_book 5.2
chatelao php_address_book 5.3
chatelao php_address_book 5.4
chatelao php_address_book 5.4.1
chatelao php_address_book 5.4.2
chatelao php_address_book 5.4.3
chatelao php_address_book 5.4.4
chatelao php_address_book 5.4.5
chatelao php_address_book 5.4.6
chatelao php_address_book 5.4.7
chatelao php_address_book 5.4.9
chatelao php_address_book 5.5
chatelao php_address_book 5.6
chatelao php_address_book 5.7
chatelao php_address_book 5.7.1
chatelao php_address_book 5.7.2
chatelao php_address_book 5.7.3
chatelao php_address_book 5.7.4
chatelao php_address_book 5.7.5
chatelao php_address_book 5.8.1
chatelao php_address_book 6.0
chatelao php_address_book 6.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A3FA42-FB91-47BA-A280-51772E3D73EB",
              "versionEndIncluding": "6.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9FF0E35-2CE9-4913-9972-06A1CC9ED7F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0638A8E0-D5AE-4CE8-A231-189AB5C37760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0ECE8F-2CA0-4A96-829F-CC44E6A23F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "705B32EE-8B6F-4E52-BDDD-3E29C8C12DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B552C348-EA14-441B-965D-BFBCF3C659B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1CC353-0194-4223-9AE9-9F1A0366CA56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "957DEF49-95C3-47A3-87CC-F96244EB02CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AE4907C-EEAE-467B-B4D8-815D74BC967C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DA8E52-EBC4-467A-9828-7C4FF5DB2F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA81584D-0146-4671-8AA4-826B0679E814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB40E9BC-AA89-4BD1-9D0F-B4683594D41E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "713BAF0E-F052-4EBD-B96F-617BDF502C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B8BE5A-0515-47CB-B9CA-99DD1084931E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA2650C2-DC43-4200-A549-72FDD5D0B2C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6240EDAA-3A91-4C60-84EA-A707DB15A704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE9BCD9-2FAB-4C5E-84AF-06A018CBCECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D14A98C-11E4-4BDC-ADCC-92AFFEEF7D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5934027A-D791-40B2-A6C7-CC48ACC93902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D4AE6B-BF07-42F9-855C-C515DF53DE38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E693058-2317-45AA-9EDA-E172481D0F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90AEA533-75C0-405B-9B9C-5112EF915046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C15CD197-7DAD-4167-A09C-8CC624D2C193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "32346086-559E-4F3A-89CD-80E2008ADD9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5693BA39-D016-4638-B02B-D850DDE70CAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "911C62F2-1A01-478D-84C9-025B355D2DF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A745F5E-80AC-4684-BD75-7971AB59C463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE0883E-2BE6-4DF6-BD79-FF06252C5999",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B8CE468-BFB1-479F-80A5-CBE64AFBB450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3495E90E-B6A8-40D3-BAA9-300000C96E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F79981-2AD9-48B2-93AB-CFC4DD2EA509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "795AB655-C201-43B1-8EAE-3E6DBD4F46BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7637C9-BA44-4FB3-868E-7DB92820443F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CC57C1-10E2-4D07-814C-C4AA12F261FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6AF78B-7394-4DDB-BA29-151776501A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86397AC1-216C-4373-934C-6AA4F21B9646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9840DDB-EE33-4D1A-8492-5F3AFF2CD049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E47917-CFF0-4B09-ACE5-DFC58E05E5CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBAE35A0-C598-485A-A096-2854A05642F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "051D749E-2F22-4297-ADF0-0706A80690DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C820E7-02FC-4A92-A4C4-0E2EF0AE0AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F213E2B-A69D-4774-9C28-3F658716DABD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0C1245A-52B7-47A7-A821-028488F08FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BA93B1-0EA4-40F9-ABAC-22A77ED53575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5578C089-84AE-49C7-887A-4ECAF40C036D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E6E13B5-F795-4ACB-91B6-E9BE2CC07329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "67DBC8D6-430E-4052-AE60-28370A0FB22D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6FAE015-21BC-4BD3-95DF-BA32A2A0E014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F041863D-17BB-4927-AEE4-02D00FC27B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB546BC-9A90-4E1C-A3CC-270FBE1C28BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "DECE508D-0E94-4650-854B-BE69ADE25CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD5C2FE-8992-446B-BAD9-60AF7C2FB657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B28FEED4-E6AE-4B54-AC39-88633509D33D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "379EE48E-8F64-494A-887F-47F45F7756DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F906499A-9AE1-49B8-A96D-0E4866ADC877",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9805B1F8-D618-4BE0-8B9F-B837332624B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDAFB40-DCE2-4B22-A9B4-8E74C046E87F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A3137A-3FA2-4135-A3B9-E6432FE4EE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "697E4786-1656-481E-AEDF-DFFB838A7ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9E243D-EE1F-4476-B1E8-EE56EAC3691E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC7295A-8B07-4DB7-BA31-CC8924C2F136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B55DB92-22A0-461C-8C82-2F1A3C5D855E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "42B80912-2590-41E4-9F02-94F830E5829C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4A53AB-E2BA-45DC-9C33-C9F88AFE9405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B57B554-7966-4861-8205-263F0B95B4B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEE7B03-7BDA-4704-8B24-965288050FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11CA518D-0304-445E-A72B-30EC351FBA08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6AE10944-ED44-4726-94C1-54A5D1AE1235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9458A499-0B83-4656-8154-401062F3CBAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7150ABE-D8DC-45AD-A55F-9ACDB7695F27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8F53A7-5ED8-4C67-A683-4609BA3E7101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F0241F-D7CF-4990-9FF0-180D41EF7E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5508935A-83E2-4F30-9CFB-10FBA170584D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "72AF4463-AC87-4B6E-AEFE-B29E7BA0939D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2956FC93-485F-4D93-BAE0-D8D969F8652E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1561EF56-36C2-4214-95EF-5A7E6C466A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3901C534-8162-4B69-A698-1C74C8953D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "23EF6361-1C64-4575-9824-874E4E73BAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "84FB1978-00E7-4E0A-8D14-9ECDD2B68E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD81D7CD-754A-4B16-B02D-F7BFF4717EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C306D7B1-7005-456B-929B-59609A5D4AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE982167-CE2B-47EA-B479-FF616972967B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AB8F31-0E68-43FE-8001-B1C7E0D639BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "631D327F-C853-4E14-BA57-00D25BD21931",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7F9260-68C7-4882-8471-8104D4669234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA1C7F75-098F-4B5F-90FB-0DB6397C6563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E400BB-CC69-4545-9C50-30AC0644356C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "655454C1-7AF4-4B30-897C-63AB394C7FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4DD7AA-3CBC-402F-AAFD-3D865591A2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "23B3D29F-31C5-442B-B22D-19506EEA8DA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DAB49E0-5D06-43BD-8258-4FD913DA9C88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en PHP Address Book 7.0 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) PATH_INFO sobre group.php, o de los par\u00e1metros (2) target_language o (3) target_flag sobre translate.php."
    }
  ],
  "id": "CVE-2012-2903",
  "lastModified": "2024-11-21T01:39:52.323",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-05-21T18:55:02.743",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49212"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/53598"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/53598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-07-27 18:30
Modified
2024-11-21 01:05
Severity MEDIUM (CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
Impacted products
Vendor Product Version
chatelao php_address_book 4.0.1
chatelao php_address_book 4.0.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB55AC9-5FE9-4D82-96F6-55BA869DED41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "42B80912-2590-41E4-9F02-94F830E5829C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php.  NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en PHP Address Book versiones 4.0.x, permiten a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del (1) par\u00e1metro id en el archivo delete.php o (2) par\u00e1metro alphabet en el archivo index.php. NOTA: los vectores edit.php y view.php ya est\u00e1n cubiertos por el CVE-2008-2565."
    }
  ],
  "id": "CVE-2009-2608",
  "lastModified": "2024-11-21T01:05:17.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-07-27T18:30:00.233",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35590"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/9023"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/9023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/35511"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-09 21:55
Modified
2024-11-21 01:38
Severity: HIGH (CVSS v2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
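Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565. Note on matching: the CPE data for this record ends at version 6.2.11 (versionEndIncluding), so automated CPE-based matching may not flag 6.2.12 even though the description covers it.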
Impacted products
Vendor Product Version
chatelao php_address_book * (up to and including 6.2.11)
chatelao php_address_book 1.0
chatelao php_address_book 1.2
chatelao php_address_book 2.0
chatelao php_address_book 2.1
chatelao php_address_book 2.1.1
chatelao php_address_book 2.2
chatelao php_address_book 2.3
chatelao php_address_book 2.4
chatelao php_address_book 2.6
chatelao php_address_book 3.0
chatelao php_address_book 3.1
chatelao php_address_book 3.1.1
chatelao php_address_book 3.1.2
chatelao php_address_book 3.1.3
chatelao php_address_book 3.1.4
chatelao php_address_book 3.1.5
chatelao php_address_book 3.1.6
chatelao php_address_book 3.2
chatelao php_address_book 3.2.1
chatelao php_address_book 3.2.2
chatelao php_address_book 3.2.3
chatelao php_address_book 3.2.4
chatelao php_address_book 3.2.5
chatelao php_address_book 3.2.6
chatelao php_address_book 3.2.7
chatelao php_address_book 3.2.8
chatelao php_address_book 3.2.9
chatelao php_address_book 3.2.10
chatelao php_address_book 3.2.11
chatelao php_address_book 3.2.12
chatelao php_address_book 3.2.13
chatelao php_address_book 3.2.14
chatelao php_address_book 3.3
chatelao php_address_book 3.3.1
chatelao php_address_book 3.3.2
chatelao php_address_book 3.3.3
chatelao php_address_book 3.3.4
chatelao php_address_book 3.3.5
chatelao php_address_book 3.3.6
chatelao php_address_book 3.3.7
chatelao php_address_book 3.3.8
chatelao php_address_book 3.3.9
chatelao php_address_book 3.3.10
chatelao php_address_book 3.3.12
chatelao php_address_book 3.3.13
chatelao php_address_book 3.3.14
chatelao php_address_book 3.3.15
chatelao php_address_book 3.3.16
chatelao php_address_book 3.3.17
chatelao php_address_book 3.3.18
chatelao php_address_book 3.4
chatelao php_address_book 3.4.1
chatelao php_address_book 3.4.2
chatelao php_address_book 3.4.3
chatelao php_address_book 3.4.4
chatelao php_address_book 3.4.5
chatelao php_address_book 3.4.6
chatelao php_address_book 3.4.7
chatelao php_address_book 3.4.8
chatelao php_address_book 3.4.9
chatelao php_address_book 4.0
chatelao php_address_book 4.0.2
chatelao php_address_book 4.1.1
chatelao php_address_book 4.1.3
chatelao php_address_book 4.1.4
chatelao php_address_book 5.0
chatelao php_address_book 5.0 beta
chatelao php_address_book 5.1
chatelao php_address_book 5.2
chatelao php_address_book 5.3
chatelao php_address_book 5.4
chatelao php_address_book 5.4.1
chatelao php_address_book 5.4.2
chatelao php_address_book 5.4.3
chatelao php_address_book 5.4.4
chatelao php_address_book 5.4.5
chatelao php_address_book 5.4.6
chatelao php_address_book 5.4.7
chatelao php_address_book 5.4.9
chatelao php_address_book 5.5
chatelao php_address_book 5.6
chatelao php_address_book 5.7
chatelao php_address_book 5.7.1
chatelao php_address_book 5.7.2
chatelao php_address_book 5.7.3
chatelao php_address_book 5.7.4
chatelao php_address_book 5.7.5
chatelao php_address_book 5.8.1
chatelao php_address_book 6.0
chatelao php_address_book 6.1
chatelao php_address_book 6.1.1
chatelao php_address_book 6.1.2
chatelao php_address_book 6.1.3
chatelao php_address_book 6.1.4
chatelao php_address_book 6.2
chatelao php_address_book 6.2.1
chatelao php_address_book 6.2.2
chatelao php_address_book 6.2.3
chatelao php_address_book 6.2.4
chatelao php_address_book 6.2.5
chatelao php_address_book 6.2.6
chatelao php_address_book 6.2.7
chatelao php_address_book 6.2.9
chatelao php_address_book 6.2.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FDFC724-EAF8-46BC-A403-414D72F447B7",
              "versionEndIncluding": "6.2.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9FF0E35-2CE9-4913-9972-06A1CC9ED7F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0638A8E0-D5AE-4CE8-A231-189AB5C37760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0ECE8F-2CA0-4A96-829F-CC44E6A23F7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "705B32EE-8B6F-4E52-BDDD-3E29C8C12DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B552C348-EA14-441B-965D-BFBCF3C659B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1CC353-0194-4223-9AE9-9F1A0366CA56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "957DEF49-95C3-47A3-87CC-F96244EB02CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AE4907C-EEAE-467B-B4D8-815D74BC967C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DA8E52-EBC4-467A-9828-7C4FF5DB2F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA81584D-0146-4671-8AA4-826B0679E814",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB40E9BC-AA89-4BD1-9D0F-B4683594D41E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "713BAF0E-F052-4EBD-B96F-617BDF502C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B8BE5A-0515-47CB-B9CA-99DD1084931E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA2650C2-DC43-4200-A549-72FDD5D0B2C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6240EDAA-3A91-4C60-84EA-A707DB15A704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE9BCD9-2FAB-4C5E-84AF-06A018CBCECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D14A98C-11E4-4BDC-ADCC-92AFFEEF7D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5934027A-D791-40B2-A6C7-CC48ACC93902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D4AE6B-BF07-42F9-855C-C515DF53DE38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E693058-2317-45AA-9EDA-E172481D0F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90AEA533-75C0-405B-9B9C-5112EF915046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C15CD197-7DAD-4167-A09C-8CC624D2C193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "32346086-559E-4F3A-89CD-80E2008ADD9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5693BA39-D016-4638-B02B-D850DDE70CAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "911C62F2-1A01-478D-84C9-025B355D2DF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A745F5E-80AC-4684-BD75-7971AB59C463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AE0883E-2BE6-4DF6-BD79-FF06252C5999",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B8CE468-BFB1-479F-80A5-CBE64AFBB450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3495E90E-B6A8-40D3-BAA9-300000C96E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F79981-2AD9-48B2-93AB-CFC4DD2EA509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "795AB655-C201-43B1-8EAE-3E6DBD4F46BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF7637C9-BA44-4FB3-868E-7DB92820443F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CC57C1-10E2-4D07-814C-C4AA12F261FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E6AF78B-7394-4DDB-BA29-151776501A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86397AC1-216C-4373-934C-6AA4F21B9646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9840DDB-EE33-4D1A-8492-5F3AFF2CD049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E47917-CFF0-4B09-ACE5-DFC58E05E5CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBAE35A0-C598-485A-A096-2854A05642F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "051D749E-2F22-4297-ADF0-0706A80690DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C820E7-02FC-4A92-A4C4-0E2EF0AE0AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F213E2B-A69D-4774-9C28-3F658716DABD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0C1245A-52B7-47A7-A821-028488F08FAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BA93B1-0EA4-40F9-ABAC-22A77ED53575",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5578C089-84AE-49C7-887A-4ECAF40C036D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E6E13B5-F795-4ACB-91B6-E9BE2CC07329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "67DBC8D6-430E-4052-AE60-28370A0FB22D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6FAE015-21BC-4BD3-95DF-BA32A2A0E014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F041863D-17BB-4927-AEE4-02D00FC27B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB546BC-9A90-4E1C-A3CC-270FBE1C28BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "DECE508D-0E94-4650-854B-BE69ADE25CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD5C2FE-8992-446B-BAD9-60AF7C2FB657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B28FEED4-E6AE-4B54-AC39-88633509D33D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "379EE48E-8F64-494A-887F-47F45F7756DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F906499A-9AE1-49B8-A96D-0E4866ADC877",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9805B1F8-D618-4BE0-8B9F-B837332624B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDAFB40-DCE2-4B22-A9B4-8E74C046E87F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A3137A-3FA2-4135-A3B9-E6432FE4EE03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "697E4786-1656-481E-AEDF-DFFB838A7ABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9E243D-EE1F-4476-B1E8-EE56EAC3691E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:3.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC7295A-8B07-4DB7-BA31-CC8924C2F136",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B55DB92-22A0-461C-8C82-2F1A3C5D855E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "42B80912-2590-41E4-9F02-94F830E5829C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4A53AB-E2BA-45DC-9C33-C9F88AFE9405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B57B554-7966-4861-8205-263F0B95B4B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AEE7B03-7BDA-4704-8B24-965288050FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11CA518D-0304-445E-A72B-30EC351FBA08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "6AE10944-ED44-4726-94C1-54A5D1AE1235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9458A499-0B83-4656-8154-401062F3CBAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7150ABE-D8DC-45AD-A55F-9ACDB7695F27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C8F53A7-5ED8-4C67-A683-4609BA3E7101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F0241F-D7CF-4990-9FF0-180D41EF7E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5508935A-83E2-4F30-9CFB-10FBA170584D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "72AF4463-AC87-4B6E-AEFE-B29E7BA0939D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2956FC93-485F-4D93-BAE0-D8D969F8652E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1561EF56-36C2-4214-95EF-5A7E6C466A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3901C534-8162-4B69-A698-1C74C8953D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "23EF6361-1C64-4575-9824-874E4E73BAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "84FB1978-00E7-4E0A-8D14-9ECDD2B68E34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD81D7CD-754A-4B16-B02D-F7BFF4717EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C306D7B1-7005-456B-929B-59609A5D4AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE982167-CE2B-47EA-B479-FF616972967B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AB8F31-0E68-43FE-8001-B1C7E0D639BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "631D327F-C853-4E14-BA57-00D25BD21931",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7F9260-68C7-4882-8471-8104D4669234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA1C7F75-098F-4B5F-90FB-0DB6397C6563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E400BB-CC69-4545-9C50-30AC0644356C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "655454C1-7AF4-4B30-897C-63AB394C7FE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:5.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D4DD7AA-3CBC-402F-AAFD-3D865591A2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "23B3D29F-31C5-442B-B22D-19506EEA8DA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DAB49E0-5D06-43BD-8258-4FD913DA9C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BC2939-05E1-4F5A-A9BC-25F732A9649B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "392FF7B6-06A8-41CC-8704-2E0355850663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "939D5ED3-81A9-4896-84D1-21705798BAD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A07ED0-814A-44B5-B540-361FE802DB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C739837C-9F03-4D89-921D-97EAAC0918FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4BDC6A-AD2C-45B2-BD7B-A6A6F51D8695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "72084B7E-1937-4E43-8F61-5CE44F3F8AA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "053FD703-D407-403E-B5C0-61DDA99BB722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "72B238F1-703F-425C-AA74-570595D78BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B9C746-086D-454B-8FA3-F75435FC5325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "32DFF878-DE06-41B4-8D46-D036750A7E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "065148E1-2E02-46A1-A71F-25A4E946A366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC22B0AA-2A19-4A93-8D04-74D3905BBC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:6.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6835958E-1E7B-4B1E-BB44-FC2A126800E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php.  NOTE: the edit.php vector is already covered by CVE-2008-2565."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en PHP Address Book v6.2.12 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) to_group a group.php o (2) id a vcard.php. NOTA: el vector edit.php ya est\u00e1 cubierto por CVE-2008-2565."
    }
  ],
  "id": "CVE-2012-1911",
  "lastModified": "2024-11-21T01:38:02.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-09T21:55:06.650",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18578"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/52396"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/18578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/52396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-04-09 03:34
Modified
2024-11-21 01:52
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P, per the NVD metrics in the record below)
Summary
Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.
Impacted products
Vendor Product Version
chatelao php_address_book 8.2.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:8.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4786C248-3132-4D88-99C5-D8B19E37A322",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en addressbook/register/delete_user.php en PHP Address Book v8.2.5 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores en las peticiones de eliminaci\u00f3n de cuentas, una vulnerabilidad diferente a CVE-2013-0135.1."
    }
  ],
  "id": "CVE-2013-2778",
  "lastModified": "2024-11-21T01:52:20.957",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-09T03:34:53.680",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-04-18 11:33
Modified
2024-11-21 01:50
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P, per the NVD metrics in the record below)
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.
Impacted products
Vendor Product Version
chatelao php_address_book 8.2.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:8.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4786C248-3132-4D88-99C5-D8B19E37A322",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php.  NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en PHP Address Book 8.2.5, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de par\u00e1metros no especificados a (1) edit.php o (2) import.php. NOTA:el identificador del vector view.php est\u00e1 recogido actualmente por el CVE-2008-2565.1 y el identificador de edit.php lo recoge el CVE-2008-2565.2."
    }
  ],
  "id": "CVE-2013-1748",
  "lastModified": "2024-11-21T01:50:18.757",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-18T11:33:02.347",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/04/17/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/04/17/5"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-04-09 03:34
Modified
2024-11-21 01:46
Severity: HIGH (CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P, per the NVD metrics in the record below)
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php.
Impacted products
Vendor Product Version
chatelao php_address_book 8.2.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:8.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4786C248-3132-4D88-99C5-D8B19E37A322",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en PHP Address Book v8.2.5 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro id en (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, o (3) addressbook/register/edit_user_save.php; el par\u00e1metro email en (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, o (7) addressbook/register/user_add_save.php; el par\u00e1metro username en (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; los par\u00e1metros (10) lastname, (11) firstname, (12) phone, (13) permissions, o (14) notes en addressbook/register/edit_user_save.php; el par\u00e1metro (15) q en addressbook/register/admin_index.php; el par\u00e1metro (16) site en addressbook/register/linktick.php; el par\u00e1metro (17) password en addressbook/register/reset_password.php; el par\u00e1metro (18) password_hint en addressbook/register/reset_password_save.php; el par\u00e1metro (19) var en addressbook/register/traffic.php; o la cookie (20) BasicLogin en addressbook/register/router.php"
    }
  ],
  "id": "CVE-2013-0135",
  "lastModified": "2024-11-21T01:46:55.137",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-09T03:34:53.650",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/183692"
    },
    {
      "source": "cret@cert.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/183692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-04-18 11:33
Modified
2024-11-21 01:50
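Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N, user interaction required, per the NVD metrics in the record below)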
Summary
Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.
Impacted products
Vendor Product Version
chatelao php_address_book 8.2.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:chatelao:php_address_book:8.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4786C248-3132-4D88-99C5-D8B19E37A322",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en edit.php en PHP Address Book 8.2.5 permite a atacantes remotos asistidos por el usuario inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del campo \"Address\"."
    }
  ],
  "id": "CVE-2013-1749",
  "lastModified": "2024-11-21T01:50:18.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-04-18T11:33:02.367",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-0135
Vulnerability from cvelistv5
Published
2013-04-09 01:00
Modified
2024-08-06 14:18
Severity ?
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:08.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#183692",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/183692"
          },
          {
            "name": "phpaddressbook-checklogin-auth-bypass(99623)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-04-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#183692",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/183692"
        },
        {
          "name": "phpaddressbook-checklogin-auth-bypass(99623)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2013-0135",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#183692",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/183692"
            },
            {
              "name": "phpaddressbook-checklogin-auth-bypass(99623)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
            },
            {
              "name": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html",
              "refsource": "MISC",
              "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2013-0135",
    "datePublished": "2013-04-09T01:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2024-08-06T14:18:08.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-1911
Vulnerability from cvelistv5
Published
2012-09-09 21:00
Modified
2024-08-06 19:17
Severity ?
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:17:27.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "18578",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18578"
          },
          {
            "name": "phpaddressbook-multiple-sql-injection(73943)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
          },
          {
            "name": "52396",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52396"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php.  NOTE: the edit.php vector is already covered by CVE-2008-2565."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "18578",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18578"
        },
        {
          "name": "phpaddressbook-multiple-sql-injection(73943)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
        },
        {
          "name": "52396",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52396"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-1911",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php.  NOTE: the edit.php vector is already covered by CVE-2008-2565."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18578",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18578"
            },
            {
              "name": "phpaddressbook-multiple-sql-injection(73943)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
            },
            {
              "name": "52396",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52396"
            },
            {
              "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929",
              "refsource": "MISC",
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
            },
            {
              "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929",
              "refsource": "MISC",
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
            },
            {
              "name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt",
              "refsource": "MISC",
              "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-1911",
    "datePublished": "2012-09-09T21:00:00",
    "dateReserved": "2012-03-26T00:00:00",
    "dateUpdated": "2024-08-06T19:17:27.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-1912
Vulnerability from cvelistv5
Published
2012-09-09 21:00
Modified
2024-08-06 19:17
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:17:26.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "42781",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42781"
          },
          {
            "name": "18578",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/18578"
          },
          {
            "name": "53598",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53598"
          },
          {
            "name": "49212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49212"
          },
          {
            "name": "52396",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52396"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
          },
          {
            "name": "phpaddressbook-multiple-xss(73944)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.  NOTE: the index.php vector is already covered by CVE-2008-2566."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "42781",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42781"
        },
        {
          "name": "18578",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/18578"
        },
        {
          "name": "53598",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53598"
        },
        {
          "name": "49212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49212"
        },
        {
          "name": "52396",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52396"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
        },
        {
          "name": "phpaddressbook-multiple-xss(73944)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-1912",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.  NOTE: the index.php vector is already covered by CVE-2008-2566."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "42781",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42781"
            },
            {
              "name": "18578",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/18578"
            },
            {
              "name": "53598",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53598"
            },
            {
              "name": "49212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49212"
            },
            {
              "name": "52396",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52396"
            },
            {
              "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929",
              "refsource": "MISC",
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
            },
            {
              "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929",
              "refsource": "MISC",
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
            },
            {
              "name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt",
              "refsource": "MISC",
              "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
            },
            {
              "name": "phpaddressbook-multiple-xss(73944)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
            },
            {
              "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929",
              "refsource": "MISC",
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
            },
            {
              "name": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html",
              "refsource": "MISC",
              "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-1912",
    "datePublished": "2012-09-09T21:00:00",
    "dateReserved": "2012-03-26T00:00:00",
    "dateUpdated": "2024-08-06T19:17:26.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2608
Vulnerability from cvelistv5
Published
2009-07-27 18:00
Modified
2024-08-07 05:59
Severity ?
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
References
http://www.securityfocus.com/bid/35511 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/35590 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/archive/1/504595/100/0/threaded (mailing-list, x_refsource_BUGTRAQ)
http://www.exploit-db.com/exploits/9023 (exploit, x_refsource_EXPLOIT-DB)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:56.968Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35511",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35511"
          },
          {
            "name": "35590",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35590"
          },
          {
            "name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
          },
          {
            "name": "9023",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/9023"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php.  NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "35511",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35511"
        },
        {
          "name": "35590",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35590"
        },
        {
          "name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
        },
        {
          "name": "9023",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/9023"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2608",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php.  NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35511",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35511"
            },
            {
              "name": "35590",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35590"
            },
            {
              "name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
            },
            {
              "name": "9023",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/9023"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2608",
    "datePublished": "2009-07-27T18:00:00",
    "dateReserved": "2009-07-27T00:00:00",
    "dateUpdated": "2024-08-07T05:59:56.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1748
Vulnerability from cvelistv5
Published
2013-04-18 10:00
Modified
2024-09-17 01:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.
References
http://openwall.com/lists/oss-security/2013/04/17/2 (mailing-list, x_refsource_MLIST)
http://openwall.com/lists/oss-security/2013/04/17/5 (mailing-list, x_refsource_MLIST)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:13:32.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
          },
          {
            "name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/04/17/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php.  NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-04-18T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
        },
        {
          "name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/04/17/5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-1748",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php.  NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
            },
            {
              "name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/04/17/5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-1748",
    "datePublished": "2013-04-18T10:00:00Z",
    "dateReserved": "2013-02-15T00:00:00Z",
    "dateUpdated": "2024-09-17T01:51:54.770Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-2903
Vulnerability from cvelistv5
Published
2012-05-21 18:00
Modified
2024-08-06 19:50
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:50:04.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "53598",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53598"
          },
          {
            "name": "49212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49212"
          },
          {
            "name": "phpaddressbook-multiplescripts-xss(75703)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "53598",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53598"
        },
        {
          "name": "49212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49212"
        },
        {
          "name": "phpaddressbook-multiplescripts-xss(75703)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2903",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "53598",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53598"
            },
            {
              "name": "49212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49212"
            },
            {
              "name": "phpaddressbook-multiplescripts-xss(75703)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
            },
            {
              "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929",
              "refsource": "MISC",
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
            },
            {
              "name": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html",
              "refsource": "MISC",
              "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-2903",
    "datePublished": "2012-05-21T18:00:00",
    "dateReserved": "2012-05-21T00:00:00",
    "dateUpdated": "2024-08-06T19:50:04.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-2778
Vulnerability from cvelistv5
Published
2013-04-09 01:00
Modified
2024-09-17 03:13
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:44:33.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-04-09T01:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2778",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html",
              "refsource": "MISC",
              "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-2778",
    "datePublished": "2013-04-09T01:00:00Z",
    "dateReserved": "2013-04-08T00:00:00Z",
    "dateUpdated": "2024-09-17T03:13:45.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1749
Vulnerability from cvelistv5
Published
2013-04-18 10:00
Modified
2024-09-16 23:05
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.
References
http://openwall.com/lists/oss-security/2013/04/17/2 (mailing-list, x_refsource_MLIST)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:13:32.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-04-18T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-1749",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-1749",
    "datePublished": "2013-04-18T10:00:00Z",
    "dateReserved": "2013-02-15T00:00:00Z",
    "dateUpdated": "2024-09-16T23:05:45.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}