本ページは chatelao php_address_book に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2013-1749 | Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field. | [email protected] | 4.3 | 0.22% | 2013-04-18 | 2026-04-29 |
| CVE-2013-1748 | Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2. | [email protected] | 7.5 | 0.36% | 2013-04-18 | 2026-04-29 |
| CVE-2013-2778 | Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1. | [email protected] | 7.5 | 0.13% | 2013-04-09 | 2026-04-29 |
| CVE-2013-0135 | Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username p | [email protected] | 7.5 | 3.46% | 2013-04-09 | 2026-04-29 |
| CVE-2012-1912 | Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566. | [email protected] | 4.3 | 11.00% | 2012-09-09 | 2026-04-29 |
| CVE-2012-1911 | Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565. | [email protected] | 7.5 | 1.91% | 2012-09-09 | 2026-04-29 |
| CVE-2012-2903 | Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php. | [email protected] | 4.3 | 1.95% | 2012-05-21 | 2026-04-29 |
| CVE-2009-2608 | Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565. | [email protected] | 6.8 | 0.32% | 2009-07-27 | 2026-04-23 |