Vulnerability Note VU#183692
PHP Address Book SQL injection vulnerability
The PHP Address Book web application is vulnerable to multiple SQL injection vulnerabilities.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
PHP Address Book 8.2.5 and possibly older versions fail to sanitize input from multiple functions.
A remote unauthenticated attacker may be able to run a subset of SQL commands against the back-end database.
We are currently unaware of a practical solution to this problem.
Vendor Information
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|PHP Address Book|Affected|-|03 Apr 2013|
CVSS Metrics
Thanks to Jurgen Voorneveld of Acadion Security for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2013-0135
- Date Public: 05 Apr 2013
- Date First Published: 05 Apr 2013
- Date Last Updated: 05 Apr 2013
- Document Revision: 15