Phpabook

by Phpabook

CVEs (3)

  • CVE-2022-30352 | Critical | Jun 2, 2022
    risk 0.64 | cvss 9.8 | epss 0.02

    phpABook 0.9i is vulnerable to SQL injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in the index.php script.

  • CVE-2020-8510 | Critical | Feb 3, 2020
    risk 0.64 | cvss 9.8 | epss 0.01

    An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can log in as any user without a password.

  • CVE-2008-4490 | Oct 8, 2008
    risk 0.03 | cvss | epss 0.02

    Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the userInfo cookie.