← back
CVE-2006-4575

CVE-2006-4575

EPSS 2.1%
Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/32568http://osvdb.org/32569http://osvdb.org/32570http://secunia.com/advisories/21694http://secunia.com/secunia_research/2006-76/advisory/https://exchange.xforce.ibmcloud.com/vulnerabilities/31238http://www.securityfocus.com/bid/21870