Phpaddressbook

CVEs (4)

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2008-1492	0.04	—	0.13	Mar 25, 2008	Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php. NOTE: it was later reported that vector 1 is also present in 2.0.
CVE-2008-7145	0.03	—	0.00	Sep 1, 2009	Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters.
CVE-2008-1847	0.03	—	0.00	Apr 16, 2008	SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6646	0.00	—	0.00	Apr 7, 2009	Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

CVE-2008-1492Mar 25, 2008
risk 0.04cvss —epss 0.13
Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php. NOTE: it was later reported that vector 1 is also present in 2.0.
CVE-2008-7145Sep 1, 2009
risk 0.03cvss —epss 0.00
Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters.
CVE-2008-1847Apr 16, 2008
risk 0.03cvss —epss 0.00
SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6646Apr 7, 2009
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.