Vulnerabilities > Chatelao

DATE CVE VULNERABILITY TITLE RISK
2013-04-18 CVE-2013-1749 Cross-Site Scripting vulnerability in Chatelao PHP Address Book 8.2.5
Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.
network
chatelao CWE-79
4.3
2013-04-18 CVE-2013-1748 SQL Injection vulnerability in Chatelao PHP Address Book 8.2.5
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php.
network
low complexity
chatelao CWE-89
7.5
2013-04-09 CVE-2013-2778 Cross-Site Request Forgery (CSRF) vulnerability in Chatelao PHP Address Book 8.2.5
Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.
network
low complexity
chatelao CWE-352
7.5
2013-04-09 CVE-2013-0135 SQL Injection vulnerability in Chatelao PHP Address Book 8.2.5
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php.
network
low complexity
chatelao CWE-89
7.5
2012-09-09 CVE-2012-1912 Cross-Site Scripting vulnerability in Chatelao PHP Address Book
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.
network
chatelao CWE-79
4.3
2012-09-09 CVE-2012-1911 SQL Injection vulnerability in Chatelao PHP Address Book
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php.
network
low complexity
chatelao CWE-89
7.5
2012-05-21 CVE-2012-2903 Cross-Site Scripting vulnerability in Chatelao PHP Address Book
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
network
chatelao CWE-79
4.3
2009-07-27 CVE-2009-2608 SQL Injection vulnerability in Chatelao PHP Address Book 4.0.1/4.0.2
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php.
network
chatelao CWE-89
6.8