CVE-2008-2565
Published: 2008-06-06
Priority: P3 · 43 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.91% (77.2th percentile)
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
Affected
135 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chatelao | php_address_book | <= 6.2.11 | — |
| chatelao | php_address_book | — | — |
GHSA
GHSA-p3xh-crh6-f3vj: Multiple SQL injection vulnerabilities in PHP Address Book 8
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2013-1748 [HIGH] CWE-89 GHSA-p3xh-crh6-f3vj: Multiple SQL injection vulnerabilities in PHP Address Book 8
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.
GHSA
GHSA-6x4p-xfh8-hfpg: Multiple SQL injection vulnerabilities in PHP Address Book 6
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2012-1911 [HIGH] CWE-89 GHSA-6x4p-xfh8-hfpg: Multiple SQL injection vulnerabilities in PHP Address Book 6
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
GHSA
GHSA-x4jm-r7gw-5wxf: Multiple SQL injection vulnerabilities in PHP Address Book 4
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-2608 [HIGH] CWE-89 GHSA-x4jm-r7gw-5wxf: Multiple SQL injection vulnerabilities in PHP Address Book 4
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
GHSA
GHSA-fp92-9hf4-f2wx: Multiple SQL injection vulnerabilities in PHP Address Book 3
ghsa_unreviewed·2022-05-01
CVE-2008-2565 [HIGH] CWE-89 GHSA-fp92-9hf4-f2wx: Multiple SQL injection vulnerabilities in PHP Address Book 3
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
No detection rules found.
Exploit-DB
PHP Address Book 6.2.12 - Multiple Vulnerabilities
exploitdb·2012-03-10
CVE-2012-2903 PHP Address Book 6.2.12 - Multiple Vulnerabilities
---
Advisory: PHP Address Book 6.2.12 Multiple security vulnerabilities
Advisory ID: SSCHADV2012-007
Author: Stefan Schurtz
Affected Software: Successfully tested on PHP Address Book 6.2.12
Vendor URL: http://sourceforge.net/projects/php-addressbook/
Vendor Status: informed
Vulnerability Description
PHP Address Book 6.2.12 is prone to multiple XSS and SQL-Injection vulnerabilities
PoC-Exploit
// (Blind) SQL-Injection
http://[target]/addressbook/edit.php?id=[sql-injection]
http://[target]/addressbook/group.php?add=Add to&group=1&selected%5b%5d=132&to_group=[sql-injection]
http://[target]/addressbook/vcard.php?id=[sql-injection]
// XSS
http://[target]/addressbook/preferences.php?from='"alert(document.cookie)
http://[target]/addressboo
Exploit-DB
PHP-Address Book 4.0.x - Multiple SQL Injections
exploitdb·2009-06-26
CVE-2009-2608 PHP-Address Book 4.0.x - Multiple SQL Injections
---
WEB: http://sourceforge.net/projects/php-addressbook/
DOWNLOAD: http://sourceforge.net/projects/php-addressbook/
DEMO: http://php-addressbook.sourceforge.net/demo/
CATEGORY: Address Book
DESCRIPTION: Simple,
Exploit-DB
PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting
exploitdb·2008-06-04
CVE-2013-1748 PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting
---
PHP-Address Book (SQL/XSS) Multiple Remote Vulnerabilities
AUTHOR : CWH Underground
DATE : 4 June 2008
SITE : www.citec.us
APPLICATION : PHP-Address Book
VERSION :
http://[target]/[path]/index.php?group=
No writeups or analysis indexed.
http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html
http://secunia.com/advisories/30540
http://secunia.com/advisories/35590
http://www.securityfocus.com/archive/1/504595/100/0/threaded
http://www.securityfocus.com/bid/35511
https://exchange.xforce.ibmcloud.com/vulnerabilities/42855
https://exchange.xforce.ibmcloud.com/vulnerabilities/99622
https://www.exploit-db.com/exploits/5739
https://www.exploit-db.com/exploits/9023