CNNVD-202602-243 Information

CNNVD ID

CNNVD-202602-243

CVE-2020-37083

  • CNNVD Published: 2026-02-03

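Description (translated from Chinese)

PHP Address Book is a web-based contact management system developed by the individual developer chatelao. PHP Address Book version 9.0.0.1 contains a SQL injection vulnerability. It stems from a time-based blind SQL injection in the id parameter of the photo.php endpoint; an attacker can extract information by injecting crafted SQL statements and observing response times.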

Description (English)

PHP Address Book is a web-based contact management system by the individual developer chatelao. Version 9.0.0.1 contains a SQL injection vulnerability: the id parameter of the photo.php endpoint is subject to time-based blind SQL injection, so an attacker can extract information by injecting a crafted SQL statement and observing the response time.

Hazard Level

Medium

Vulnerability Type

SQL injection

Affected Vendor

Individual developer

Published

2026-02-03

Last Modified

2026-02-24

References

  • https://sourceforge.net/projects/php-addressbook/
  • https://www.exploit-db.com/exploits/48416
  • https://www.vulncheck.com/advisories/addressbook-id-sql-injection
