CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51644 – WordPress Addressbook plugin <= 1.1.3 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-51644
01 Nov 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Sam Wilson Addressbook allows Stored XSS.This issue affects Addressbook: from n/a through 1.1.3. The Addressbook plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into... • https://patchstack.com/database/vulnerability/addressbook/wordpress-addressbook-plugin-1-1-3-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-2306
https://notcve.org/view.php?id=CVE-2012-2306
25 Jul 2012 — SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo Addressbook para Drupal v6.x-4.2 y anteriores permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://drupal.org/node/1557868 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2012-2307
https://notcve.org/view.php?id=CVE-2012-2307
25 Jul 2012 — Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el módulo Addressbook para Drupal v6.x-4.2 y anteriores, permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • http://drupal.org/node/1557868 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 1CVE-2007-1720 – PHP-Nuke Module AddressBook 1.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2007-1720
28 Mar 2007 — Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file. Vulnerabilidad de salto de directorio en addressbook.php del módulo Addressbook 1.2 para PHP-Nuke permite a atacantes remotos incluir y ejecutar ficheros locales de su elección mediante una secuencia .. (punto punto) e... • https://www.exploit-db.com/exploits/3582 •