CVE-2006-4575

Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/secunia_research/2006-76/advisory/	Exploit Vendor Advisory
http://secunia.com/advisories/21694
http://www.securityfocus.com/bid/21870
http://osvdb.org/32570
http://osvdb.org/32568
http://osvdb.org/32569
https://exchange.xforce.ibmcloud.com/vulnerabilities/31238

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:the_address_book:the_address_book:1.04e:*:*:*:*:*:*:*

Information

Published : 2006-12-30 21:00

Updated : 2017-07-19 18:33

NVD link : CVE-2006-4575

Mitre link : CVE-2006-4575

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

the_address_book

the_address_book

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/secunia_research/2006-76/advisory/", "name": "http://secunia.com/secunia_research/2006-76/advisory/", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/21694", "name": "21694", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/21870", "name": "21870", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/32570", "name": "32570", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/32568", "name": "32568", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/32569", "name": "32569", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31238", "name": "theaddressbook-multiple-sql-injection(31238)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4575", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:the_address_book:the_address_book:1.04e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-20T01:33Z"}