CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 4CVE-2008-2565 – PHP-Address Book 4.0.x - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-2565
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected. Múltiples vulnerabilidades de inyección SQL en PHP Address Book 3.1.5 y en versiones anteriores permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id en (1) view.php y (2) edit.php. NOTA: más tarde se informó que también se ve afectada la versión 4.0.x. • https://www.exploit-db.com/exploits/9023 https://www.exploit-db.com/exploits/5739 https://www.exploit-db.com/exploits/18578 http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html http://secunia.com/advisories/30540 http://secunia.com/advisories/35590 http://www.securityfocus.com/archive/1/504595/100/0/threaded http://www.securityfocus.com/bid/35511 https://exchange.xforce.ibmcloud.com/vulnerabilities/42855 https://exchange.xforce.ibmcloud. • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2008-2566 – PHP-Address Book 3.1.5 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2566
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en PHP Address Book 3.1.5 y anteriores. Permite a atacantes remotos inyectar secuencias de comandos web de su elección a través del parámetro group a (1) index.php o la (2) URI por defecto. • https://www.exploit-db.com/exploits/5739 https://www.exploit-db.com/exploits/18578 http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html http://secunia.com/advisories/30540 https://exchange.xforce.ibmcloud.com/vulnerabilities/42856 https://exchange.xforce.ibmcloud.com/vulnerabilities/99624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •