VYPR

Telephone Directory 2008

by Telephone

CVEs (3)

  • CVE-2008-7180Sep 8, 2009
    risk 0.03cvss epss 0.02

    del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.

  • CVE-2008-2678Jun 12, 2008
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php.

  • CVE-2008-2677Jun 12, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter.