Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown
CVE-2006-4575
Disclosure Date: December 31, 2006 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php.
0