Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2565

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2565
Last Modified 10 Jan 2015 09:59:01
Published 06 Jun 2008 02:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2565

Summary

Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.

Vulnerable Systems

Application

  • Php-address Book 1.0

  • Php-address Book 1.2

  • Php-address Book 2.0

  • Php-address Book 2.1

  • Php-address Book 2.1.1

  • Php-address Book 2.2

  • Php-address Book 2.3

  • Php-address Book 2.4

  • Php-address Book 2.6

  • Php-address Book 3.0

  • Php-address Book 3.1

  • Php-address Book 3.1.1

  • Php-address Book 3.1.2

  • Php-address Book 3.1.3

  • Php-address Book 3.1.4

  • Php-address Book 3.1.5

  • Php-address Book 3.3.16

  • Php-address Book 3.3.17

  • Php-address Book 3.3.18

  • Php-address Book 3.4

  • Php-address Book 3.4.1

  • Php-address Book 3.4.2

  • Php-address Book 3.4.3

  • Php-address Book 3.4.4

  • Php-address Book 3.4.5

  • Php-address Book 3.4.6

  • Php-address Book 3.4.7

  • Php-address Book 3.4.8

  • Php-address Book 4.0


References

XF - phpaddressbook-view-edit-sql-injection(42855)

BID - 35511

BUGTRAQ - 20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x-->

MILW0RM - 9023

MILW0RM - 5739

SECUNIA - 35590

SECUNIA - 30540

XF - phpaddressbook-viewphp-sql-injection(99622)

MISC - http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html


Last Updated: 27 May 2016 11:07:29