Vulnonym.org

CVE-2008-2565 - Vulvar Footlicker

Description

Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.

Reference

http://secunia.com/advisories/30540 http://secunia.com/advisories/35590 http://www.securityfocus.com/bid/35511 http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html https://exchange.xforce.ibmcloud.com/vulnerabilities/99622 https://exchange.xforce.ibmcloud.com/vulnerabilities/42855 https://www.exploit-db.com/exploits/9023 https://www.exploit-db.com/exploits/5739 http://www.securityfocus.com/archive/1/504595/100/0/threaded