Chatelao Php Address Book vulnerabilities
9 known vulnerabilities affecting chatelao/php_address_book.
Total CVEs: 9
CISA KEV: 0
Public exploits: 6
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 4
Vulnerabilities
CVE-2013-0135 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | v8.2.5 | 2013-04-09
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressb
nvd
CVE-2012-1911 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 6.2.11, v1.0, +102 more | 2012-09-09
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
nvd
CVE-2013-1748 | P3 | HIGH | CVSS 7.5 | PoC | v8.2.5 | 2013-04-18
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2.
nvd
CVE-2009-2608 | P3 | MEDIUM | CVSS 6.8 | PoC | v4.0.1, v4.0.2 | 2009-07-27
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
nvd
CVE-2020-37083 | P3 | HIGH | CVSS 8.2 | CWE-89 | v9.0.0.1 | 2026-02-03
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php endpoint.
nvd
CVE-2012-1912 | P4 | MEDIUM | CVSS 4.3 | PoC | ≤ 7.0, v1.0, +104 more | 2012-09-09
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
nvd
CVE-2012-2903 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | ≤ 6.1.1, v1.0, +88 more | 2012-05-21
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
nvd
CVE-2013-2778 | P4 | HIGH | CVSS 7.5 | v8.2.5 | 2013-04-09
Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.
nvd
CVE-2013-1749 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v8.2.5 | 2013-04-18
Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.
nvd