CVE-2008-2565
CVE-2008-2565
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 4
cve_referencepacketstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/18578não verificadocve_referencewww.exploit-db.com/exploits/5739não verificadocve_referencewww.exploit-db.com/exploits/9023não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.htmlhttp://secunia.com/advisories/30540http://secunia.com/advisories/35590https://exchange.xforce.ibmcloud.com/vulnerabilities/42855https://exchange.xforce.ibmcloud.com/vulnerabilities/99622https://www.exploit-db.com/exploits/5739https://www.exploit-db.com/exploits/9023http://www.securityfocus.com/archive/1/504595/100/0/threadedhttp://www.securityfocus.com/bid/35511