CVE-2009-2608
published 2009-07-27
CVE-2009-2608: Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to…
Priority P3 · 36 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 0.91% (55.6th percentile)
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chatelao | php_address_book | — | — |
| chatelao | php_address_book | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat · 7.8 HIGH
GHSA
GHSA-x4jm-r7gw-5wxf: Multiple SQL injection vulnerabilities in PHP Address Book 4
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-2608 [HIGH] CWE-89 GHSA-x4jm-r7gw-5wxf: Multiple SQL injection vulnerabilities in PHP Address Book 4
Red Hat
kernel: media: vivid: Change the siize of the composing
vendor_redhat·2025-07-04·CVSS 7.8
CVE-2025-38226 [HIGH] kernel: media: vivid: Change the siize of the composing
In the Linux kernel, the following vulnerability has been resolved:
media: vivid: Change the siize of the composing
syzkaller found a bug:
BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]
BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705
Write of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304
CPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/
No detection rules found.
http://secunia.com/advisories/35590
http://www.exploit-db.com/exploits/9023
http://www.securityfocus.com/archive/1/504595/100/0/threaded
http://www.securityfocus.com/bid/35511
Published: 2009-07-27