SQL Injection Vulnerabilities in PHP Address Book 4.0.x by PHP Web Solutions
CVE-2009-2608

Currently unrated

Key Information:

Vendor

Chatelao

Status
PHP Address Book
Vendor
CVE Published:
27 July 2009

What is CVE-2009-2608?

Multiple SQL injection vulnerabilities exist in PHP Address Book version 4.0.x, allowing remote attackers to execute arbitrary SQL commands through unsanitized input. Attackers can exploit the 'id' parameter in delete.php and the 'alphabet' parameter in index.php to manipulate database queries, which can lead to unauthorized data access or corruption. It is critical for users of PHP Address Book to apply updates and secure their applications against these vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/35511
vdb-entryx_refsource_BID
http://secunia.com/advisories/35590
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/504595/100/0/threaded
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.