CVE-2006-4575 in The Address Bookinformazioni

Riassunto

di MITRE

Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Prenotare

06/09/2006

Divulgazione

31/12/2006

Moderazione

accettato

Voce

5

Collegare

mostrare

CPE

pronto

EPSS

0.02113

KEV

no

Attività

molto basso

Fonti

Might our Artificial Intelligence support you?

Check our Alexa App!