Filtered by vendor Phpabook Project Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-8510 1 Phpabook Project 1 Phpabook 2024-08-04 9.8 Critical
An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password.
CVE-2022-30352 1 Phpabook Project 1 Phpabook 2024-08-03 9.8 Critical
phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script.