QwikSec

Security Database

CVE

CWE

Training

CVE-2012-1911

Published: Sep 9, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

phpaddressbook-multiple-sql-injection(73943)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929

x_refsource_MISC

http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929

x_refsource_MISC

http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.