Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: flexera
Published: 2007-01-03T20:00:00
Updated: 2024-08-07T19:14:47.688Z
Reserved: 2006-09-06T00:00:00
Link: CVE-2006-4575
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-12-31T05:00:00.000
Modified: 2024-11-21T00:16:17.433
Link: CVE-2006-4575
Redhat
No data.