Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP Address Book 多个SQL注入漏洞
Vulnerability Description
PHP Address Book是一个用PHP开发,采用MySQL数据库的简单的、基于Web的地址簿、联系人管理软件。 PHP Address Book中存在多个SQL注入漏洞,这些漏洞源于程序没有充分地过滤用户所输入的数据。攻击者可利用这些漏洞完全控制程序,访问或修改数据,或利用底层数据库中的潜在漏洞。PHP Address Book 8.2.5版本中存在此漏洞,其它版本也有可能受其影响。
CVSS Information
N/A
Vulnerability Type
N/A