CVE-2012-2903
PHP Address Book < 6.1.1 - Cross-Site Scripting via PATH_INFO or Language Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-2903. PoCs published by Stefan Schurtz.
AI-analyzed exploit summary The exploit demonstrates multiple SQL injection and XSS vulnerabilities in PHP Address Book 6.2.12. It provides direct URLs with payloads for blind SQL injection and XSS attacks, confirming the vulnerabilities are exploitable.
Description
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
Exploits (1)
The exploit demonstrates multiple SQL injection and XSS vulnerabilities in PHP Address Book 6.2.12. It provides direct URLs with payloads for blind SQL injection and XSS attacks, confirming the vulnerabilities are exploitable.