Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2013-0135

Published: 09/04/2013 Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 805
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Php Address Book

Vulnerability Summary

Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote malicious users to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php.

Vulnerable Product Search on Vulmon Subscribe to Product

chatelao php address book 8.2.5

Exploits

Exploit DB: PHP Address Book - '/addressbook/register/edit_user.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database PH ...
Exploit DB: PHP Address Book - '/addressbook/register/reset_password.php' Multiple SQL Injections
source: wwwsecurityfocuscom/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database ...
Exploit DB: PHP Address Book - '/addressbook/register/admin_index.php?q' SQL Injection
source: wwwsecurityfocuscom/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underly ...
Exploit DB: PHP Address Book - '/addressbook/register/traffic.php?var' SQL Injection
source: wwwsecurityfocuscom/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying da ...
Exploit DB: PHP Address Book - '/addressbook/register/delete_user.php?id' SQL Injection
source: wwwsecurityfocuscom/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database PHP A ...
Exploit DB: PHP Address Book - '/addressbook/register/edit_user_save.php' Multiple SQL Injections
source: wwwsecurityfocuscom/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database ...
Exploit DB: PHP Address Book - '/addressbook/register/reset_password_save.php' Multiple SQL Injections
source: wwwsecurityfocuscom/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying databa ...
Exploit DB: PHP Address Book - '/addressbook/register/checklogin.php?Username' SQL Injection
source: wwwsecurityfocuscom/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlyin ...
Exploit DB: PHP Address Book - '/addressbook/register/user_add_save.php?email' SQL Injection
source: wwwsecurityfocuscom/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying ...
Exploit DB: PHP Address Book - '/addressbook/register/linktick.php?site' SQL Injection
source: wwwsecurityfocuscom/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database ...
Exploit DB: PHP Address Book - '/addressbook/register/router.php?BasicLogin' Cookie SQL Injection
source: wwwsecurityfocuscom/bid/58911/info PHP Address Book is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying data ...

References

CWE-89http://www.kb.cert.org/vuls/id/183692http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.htmlhttp://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/99623https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/183692https://www.exploit-db.com/exploits/38426/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook