Summary
This host is running PHP Address Book and is prone to an SQL injection vulnerability.
Impact
Successful exploitation will let the attacker perform SQL injection attacks and gain sensitive information about the database used by the web application.
Impact Level: Application
Solution
Upgrade to PHP Address Book version 5.7.2 or later. For updates, refer to http://sourceforge.net/projects/php-addressbook/
Insight
The flaw is due to improper sanitization of user-supplied input passed to the 'id' parameter in view.php, edit.php, and delete.php, and to the 'alphabet' parameter in index.php, before it is used in SQL queries.
Affected
PHP Address Book version 4.0.x
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-2608
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P