Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for php_address_book by chatelao

    CVE-2013-1749 (GCVE-0-2013-1749)

    Vulnerability from nvd – Published: 2013-04-18 10:00 – Updated: 2024-09-16 23:05
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://openwall.com/lists/oss-security/2013/04/17/2 mailing-listx_refsource_MLIST
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:13:32.238Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-18T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-1749",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-1749",
        "datePublished": "2013-04-18T10:00:00.000Z",
        "dateReserved": "2013-02-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:45.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1748 (GCVE-0-2013-1748)

    Vulnerability from nvd – Published: 2013-04-18 10:00 – Updated: 2024-09-17 01:51
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://openwall.com/lists/oss-security/2013/04/17/2 mailing-listx_refsource_MLIST
    http://openwall.com/lists/oss-security/2013/04/17/5 mailing-listx_refsource_MLIST
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:13:32.396Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
              },
              {
                "name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2013/04/17/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php.  NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-18T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
            },
            {
              "name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/04/17/5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-1748",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php.  NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
                },
                {
                  "name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2013/04/17/5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-1748",
        "datePublished": "2013-04-18T10:00:00.000Z",
        "dateReserved": "2013-02-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:51:54.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2778 (GCVE-0-2013-2778)

    Vulnerability from nvd – Published: 2013-04-09 01:00 – Updated: 2024-09-17 03:13
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:44:33.622Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-09T01:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-2778",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html",
                  "refsource": "MISC",
                  "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-2778",
        "datePublished": "2013-04-09T01:00:00.000Z",
        "dateReserved": "2013-04-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:13:45.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-0135 (GCVE-0-2013-0135)

    Vulnerability from nvd – Published: 2013-04-09 01:00 – Updated: 2024-08-06 14:18
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-04-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:18:08.527Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#183692",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/183692"
              },
              {
                "name": "phpaddressbook-checklogin-auth-bypass(99623)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#183692",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/183692"
            },
            {
              "name": "phpaddressbook-checklogin-auth-bypass(99623)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2013-0135",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#183692",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/183692"
                },
                {
                  "name": "phpaddressbook-checklogin-auth-bypass(99623)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
                },
                {
                  "name": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html",
                  "refsource": "MISC",
                  "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2013-0135",
        "datePublished": "2013-04-09T01:00:00.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T14:18:08.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1912 (GCVE-0-2012-1912)

    Vulnerability from nvd – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:17
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-03-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:17:26.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "42781",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42781"
              },
              {
                "name": "18578",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18578"
              },
              {
                "name": "53598",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/53598"
              },
              {
                "name": "49212",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49212"
              },
              {
                "name": "52396",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52396"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
              },
              {
                "name": "phpaddressbook-multiple-xss(73944)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.  NOTE: the index.php vector is already covered by CVE-2008-2566."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "42781",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42781"
            },
            {
              "name": "18578",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18578"
            },
            {
              "name": "53598",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/53598"
            },
            {
              "name": "49212",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49212"
            },
            {
              "name": "52396",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52396"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
            },
            {
              "name": "phpaddressbook-multiple-xss(73944)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-1912",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.  NOTE: the index.php vector is already covered by CVE-2008-2566."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "42781",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42781"
                },
                {
                  "name": "18578",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/18578"
                },
                {
                  "name": "53598",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/53598"
                },
                {
                  "name": "49212",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/49212"
                },
                {
                  "name": "52396",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52396"
                },
                {
                  "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
                },
                {
                  "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
                },
                {
                  "name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt",
                  "refsource": "MISC",
                  "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
                },
                {
                  "name": "phpaddressbook-multiple-xss(73944)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
                },
                {
                  "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
                },
                {
                  "name": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html",
                  "refsource": "MISC",
                  "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-1912",
        "datePublished": "2012-09-09T21:00:00.000Z",
        "dateReserved": "2012-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:17:26.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1911 (GCVE-0-2012-1911)

    Vulnerability from nvd – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:17
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-03-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:17:27.029Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18578",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18578"
              },
              {
                "name": "phpaddressbook-multiple-sql-injection(73943)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
              },
              {
                "name": "52396",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52396"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php.  NOTE: the edit.php vector is already covered by CVE-2008-2565."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18578",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18578"
            },
            {
              "name": "phpaddressbook-multiple-sql-injection(73943)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
            },
            {
              "name": "52396",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52396"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-1911",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php.  NOTE: the edit.php vector is already covered by CVE-2008-2565."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18578",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/18578"
                },
                {
                  "name": "phpaddressbook-multiple-sql-injection(73943)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
                },
                {
                  "name": "52396",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52396"
                },
                {
                  "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
                },
                {
                  "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
                },
                {
                  "name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt",
                  "refsource": "MISC",
                  "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-1911",
        "datePublished": "2012-09-09T21:00:00.000Z",
        "dateReserved": "2012-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:17:27.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2903 (GCVE-0-2012-2903)

    Vulnerability from nvd – Published: 2012-05-21 18:00 – Updated: 2024-08-06 19:50
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-05-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:50:04.124Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "53598",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/53598"
              },
              {
                "name": "49212",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49212"
              },
              {
                "name": "phpaddressbook-multiplescripts-xss(75703)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-05-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "53598",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/53598"
            },
            {
              "name": "49212",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49212"
            },
            {
              "name": "phpaddressbook-multiplescripts-xss(75703)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-2903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "53598",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/53598"
                },
                {
                  "name": "49212",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/49212"
                },
                {
                  "name": "phpaddressbook-multiplescripts-xss(75703)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
                },
                {
                  "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
                },
                {
                  "name": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html",
                  "refsource": "MISC",
                  "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-2903",
        "datePublished": "2012-05-21T18:00:00.000Z",
        "dateReserved": "2012-05-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:50:04.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2608 (GCVE-0-2009-2608)

    Vulnerability from nvd – Published: 2009-07-27 18:00 – Updated: 2024-08-07 05:59
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/35511 vdb-entryx_refsource_BID
    http://secunia.com/advisories/35590 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/504595/100… mailing-listx_refsource_BUGTRAQ
    http://www.exploit-db.com/exploits/9023 exploitx_refsource_EXPLOIT-DB
    Date Public
    2009-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:56.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35511",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35511"
              },
              {
                "name": "35590",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35590"
              },
              {
                "name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
              },
              {
                "name": "9023",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/9023"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php.  NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35511",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35511"
            },
            {
              "name": "35590",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35590"
            },
            {
              "name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
            },
            {
              "name": "9023",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/9023"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2608",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php.  NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35511",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35511"
                },
                {
                  "name": "35590",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35590"
                },
                {
                  "name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
                },
                {
                  "name": "9023",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/9023"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2608",
        "datePublished": "2009-07-27T18:00:00.000Z",
        "dateReserved": "2009-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:59:56.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1748 (GCVE-0-2013-1748)

    Vulnerability from cvelistv5 – Published: 2013-04-18 10:00 – Updated: 2024-09-17 01:51
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://openwall.com/lists/oss-security/2013/04/17/2 mailing-listx_refsource_MLIST
    http://openwall.com/lists/oss-security/2013/04/17/5 mailing-listx_refsource_MLIST
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:13:32.396Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
              },
              {
                "name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2013/04/17/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php.  NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-18T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
            },
            {
              "name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/04/17/5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-1748",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php.  NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
                },
                {
                  "name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2013/04/17/5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-1748",
        "datePublished": "2013-04-18T10:00:00.000Z",
        "dateReserved": "2013-02-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:51:54.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-1749 (GCVE-0-2013-1749)

    Vulnerability from cvelistv5 – Published: 2013-04-18 10:00 – Updated: 2024-09-16 23:05
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://openwall.com/lists/oss-security/2013/04/17/2 mailing-listx_refsource_MLIST
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:13:32.238Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-18T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-1749",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
                  "refsource": "MLIST",
                  "url": "http://openwall.com/lists/oss-security/2013/04/17/2"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-1749",
        "datePublished": "2013-04-18T10:00:00.000Z",
        "dateReserved": "2013-02-15T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:05:45.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-0135 (GCVE-0-2013-0135)

    Vulnerability from cvelistv5 – Published: 2013-04-09 01:00 – Updated: 2024-08-06 14:18
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2013-04-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T14:18:08.527Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#183692",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/183692"
              },
              {
                "name": "phpaddressbook-checklogin-auth-bypass(99623)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#183692",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/183692"
            },
            {
              "name": "phpaddressbook-checklogin-auth-bypass(99623)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2013-0135",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#183692",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/183692"
                },
                {
                  "name": "phpaddressbook-checklogin-auth-bypass(99623)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99623"
                },
                {
                  "name": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html",
                  "refsource": "MISC",
                  "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2013-0135",
        "datePublished": "2013-04-09T01:00:00.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T14:18:08.527Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-2778 (GCVE-0-2013-2778)

    Vulnerability from cvelistv5 – Published: 2013-04-09 01:00 – Updated: 2024-09-17 03:13
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T15:44:33.622Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-09T01:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-2778",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html",
                  "refsource": "MISC",
                  "url": "http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-2778",
        "datePublished": "2013-04-09T01:00:00.000Z",
        "dateReserved": "2013-04-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:13:45.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1911 (GCVE-0-2012-1911)

    Vulnerability from cvelistv5 – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:17
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-03-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:17:27.029Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18578",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18578"
              },
              {
                "name": "phpaddressbook-multiple-sql-injection(73943)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
              },
              {
                "name": "52396",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52396"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php.  NOTE: the edit.php vector is already covered by CVE-2008-2565."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18578",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18578"
            },
            {
              "name": "phpaddressbook-multiple-sql-injection(73943)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
            },
            {
              "name": "52396",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52396"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-1911",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php.  NOTE: the edit.php vector is already covered by CVE-2008-2565."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18578",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/18578"
                },
                {
                  "name": "phpaddressbook-multiple-sql-injection(73943)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
                },
                {
                  "name": "52396",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52396"
                },
                {
                  "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
                },
                {
                  "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
                },
                {
                  "name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt",
                  "refsource": "MISC",
                  "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-1911",
        "datePublished": "2012-09-09T21:00:00.000Z",
        "dateReserved": "2012-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:17:27.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1912 (GCVE-0-2012-1912)

    Vulnerability from cvelistv5 – Published: 2012-09-09 21:00 – Updated: 2024-08-06 19:17
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-03-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:17:26.957Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "42781",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42781"
              },
              {
                "name": "18578",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18578"
              },
              {
                "name": "53598",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/53598"
              },
              {
                "name": "49212",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49212"
              },
              {
                "name": "52396",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/52396"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
              },
              {
                "name": "phpaddressbook-multiple-xss(73944)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.  NOTE: the index.php vector is already covered by CVE-2008-2566."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "42781",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42781"
            },
            {
              "name": "18578",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18578"
            },
            {
              "name": "53598",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/53598"
            },
            {
              "name": "49212",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49212"
            },
            {
              "name": "52396",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/52396"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
            },
            {
              "name": "phpaddressbook-multiple-xss(73944)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-1912",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.  NOTE: the index.php vector is already covered by CVE-2008-2566."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "42781",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42781"
                },
                {
                  "name": "18578",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/18578"
                },
                {
                  "name": "53598",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/53598"
                },
                {
                  "name": "49212",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/49212"
                },
                {
                  "name": "52396",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/52396"
                },
                {
                  "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3501716\u0026group_id=157964\u0026atid=805929"
                },
                {
                  "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3496653\u0026group_id=157964\u0026atid=805929"
                },
                {
                  "name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt",
                  "refsource": "MISC",
                  "url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
                },
                {
                  "name": "phpaddressbook-multiple-xss(73944)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73944"
                },
                {
                  "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
                },
                {
                  "name": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html",
                  "refsource": "MISC",
                  "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-1912",
        "datePublished": "2012-09-09T21:00:00.000Z",
        "dateReserved": "2012-03-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:17:26.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2903 (GCVE-0-2012-2903)

    Vulnerability from cvelistv5 – Published: 2012-05-21 18:00 – Updated: 2024-08-06 19:50
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-05-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:50:04.124Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "53598",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/53598"
              },
              {
                "name": "49212",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49212"
              },
              {
                "name": "phpaddressbook-multiplescripts-xss(75703)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-05-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "53598",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/53598"
            },
            {
              "name": "49212",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49212"
            },
            {
              "name": "phpaddressbook-multiplescripts-xss(75703)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-2903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "53598",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/53598"
                },
                {
                  "name": "49212",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/49212"
                },
                {
                  "name": "phpaddressbook-multiplescripts-xss(75703)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75703"
                },
                {
                  "name": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929",
                  "refsource": "MISC",
                  "url": "http://sourceforge.net/tracker/?func=detail\u0026aid=3527242\u0026group_id=157964\u0026atid=805929"
                },
                {
                  "name": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html",
                  "refsource": "MISC",
                  "url": "http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-2903",
        "datePublished": "2012-05-21T18:00:00.000Z",
        "dateReserved": "2012-05-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:50:04.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-2608 (GCVE-0-2009-2608)

    Vulnerability from cvelistv5 – Published: 2009-07-27 18:00 – Updated: 2024-08-07 05:59
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/35511 vdb-entryx_refsource_BID
    http://secunia.com/advisories/35590 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/504595/100… mailing-listx_refsource_BUGTRAQ
    http://www.exploit-db.com/exploits/9023 exploitx_refsource_EXPLOIT-DB
    Date Public
    2009-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:59:56.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "35511",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35511"
              },
              {
                "name": "35590",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35590"
              },
              {
                "name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
              },
              {
                "name": "9023",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/9023"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php.  NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "35511",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35511"
            },
            {
              "name": "35590",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35590"
            },
            {
              "name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
            },
            {
              "name": "9023",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/9023"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-2608",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php.  NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "35511",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35511"
                },
                {
                  "name": "35590",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35590"
                },
                {
                  "name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x--\u003e",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
                },
                {
                  "name": "9023",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/9023"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-2608",
        "datePublished": "2009-07-27T18:00:00.000Z",
        "dateReserved": "2009-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:59:56.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }