CVE-2006-4575 Information
Feb 14, 2021
cve
Description
Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname (2) firstname (3) passwordOld (4) passwordNew (5) id (6) language (7) defaultLetter (8) newuserPass (9) newuserType (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php.
Reference
http://osvdb.org/32568 http://osvdb.org/32569 http://osvdb.org/32570 http://secunia.com/advisories/21694 http://secunia.com/secunia_research/2006-76/advisory/ http://www.securityfocus.com/bid/21870 https://exchange.xforce.ibmcloud.com/vulnerabilities/31238
Share on: