CVE-2008-2565

Php-address Book < 4.0 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.

Exploits (3)

exploitdb WORKING POC VERIFIED
by YEnH4ckEr · textwebappsphp
https://www.exploit-db.com/exploits/9023
exploitdb WORKING POC VERIFIED
by CWH Underground · textwebappsphp
https://www.exploit-db.com/exploits/5739
exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/18578

References (9)

Scores

EPSS 0.0229
EPSS Percentile 84.8%

Details

CWE
CWE-89
Status published
Products (29)
php-address_book/php-address_book 1.0
php-address_book/php-address_book 1.2
php-address_book/php-address_book 2.0
php-address_book/php-address_book 2.1
php-address_book/php-address_book 2.1.1
php-address_book/php-address_book 2.2
php-address_book/php-address_book 2.3
php-address_book/php-address_book 2.4
php-address_book/php-address_book 2.6
php-address_book/php-address_book 3.0
... and 19 more
Published Jun 06, 2008
Tracked Since Feb 18, 2026