Vulnerability Details CVE-2009-2608
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.4%
CVSS Severity
CVSS v2 Score 6.8
References
- http://secunia.com/advisories/35590
- http://www.exploit-db.com/exploits/9023
- http://www.securityfocus.com/archive/1/504595/100/0/threaded
- http://www.securityfocus.com/bid/35511
- http://secunia.com/advisories/35590
- http://www.exploit-db.com/exploits/9023
- http://www.securityfocus.com/archive/1/504595/100/0/threaded
- http://www.securityfocus.com/bid/35511
Products affected by CVE-2009-2608
-
cpe:2.3:a:chatelao:php_address_book:4.0.1
-
cpe:2.3:a:chatelao:php_address_book:4.0.2