CVE-2008-2565 – PHP-Address Book 4.0.x - Multiple SQL Injections

https://notcve.org/view.php?id=CVE-2008-2565

Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected. Múltiples vulnerabilidades de inyección SQL en PHP Address Book 3.1.5 y en versiones anteriores permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id en (1) view.php y (2) edit.php. NOTA: más tarde se informó que también se ve afectada la versión 4.0.x. • https://www.exploit-db.com/exploits/9023 https://www.exploit-db.com/exploits/5739 https://www.exploit-db.com/exploits/18578 http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html http://secunia.com/advisories/30540 http://secunia.com/advisories/35590 http://www.securityfocus.com/archive/1/504595/100/0/threaded http://www.securityfocus.com/bid/35511 https://exchange.xforce.ibmcloud.com/vulnerabilities/42855 https://exchange.xforce.ibmcloud. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •