CVE-2012-1912
PHP Address Book < 7.0 - Cross-Site Scripting via Preferences from Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-1912. PoCs published by Stefan Schurtz.
AI-analyzed exploit summary The exploit demonstrates multiple SQL injection and XSS vulnerabilities in PHP Address Book 6.2.12. It provides direct URLs with payloads for blind SQL injection and XSS attacks, confirming the vulnerabilities are exploitable.
Description
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
Exploits (1)
The exploit demonstrates multiple SQL injection and XSS vulnerabilities in PHP Address Book 6.2.12. It provides direct URLs with payloads for blind SQL injection and XSS attacks, confirming the vulnerabilities are exploitable.