Vulmon
book vulnerabilities and exploits
7.5
CVSSv2
CVE-2009-2017
SQL injection vulnerability in products.php in Virtue Book Store allows remote malicious users to execute arbitrary SQL commands via the cid parameter.
Virtuenetz Virtue Book Store
1 EDB exploit
NA
CVE-2023-6199
Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.
Bookstackapp Book Stack 23.10.2
6.8
CVSSv2
CVE-2009-1483
Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct reque...
Studiolounge Address Book 2.5
1 EDB exploit
7.5
CVSSv2
CVE-2007-2000
Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.
Raphael Limbach Crea-book
1 EDB exploit
7.5
CVSSv2
CVE-2001-1114
book.cgi in NetCode NC Book 0.2b allows remote malicious users to execute arbitrary commands via shell metacharacters in the "current" parameter.
Netcode Nc Book 0.2b
10
CVSSv2
CVE-2008-2638
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and previous versions allows remote malicious users to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
1-script 1-book
1 EDB exploit
4.3
CVSSv2
CVE-2007-4021
Multiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.20070629 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters.
Brain Book Software Software Secure
6.8
CVSSv2
CVE-2010-1058
Directory traversal vulnerability in codelib/cfg/common.inc.php in Phpkobo Address Book Script 1.09, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter.
Phpkobo Address Book Script 1.09
1 EDB exploit
7.5
CVSSv2
CVE-2020-29474
EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
Egavilanmedia Egm Address Book 1.0
7.5
CVSSv2
CVE-2013-2778
Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote malicious users to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.
Chatelao Php Address Book 8.2.5