CVE-2024-51644 – Addressbook <= 1.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-51644
The Addressbook plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2012-2306
https://notcve.org/view.php?id=CVE-2012-2306
SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo Addressbook para Drupal v6.x-4.2 y anteriores permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://drupal.org/node/1557868 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2012-2307
https://notcve.org/view.php?id=CVE-2012-2307
Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el módulo Addressbook para Drupal v6.x-4.2 y anteriores, permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • http://drupal.org/node/1557868 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 • CWE-352: Cross-Site Request Forgery (CSRF) •