PT-2006-4900 · Unknown · The Address Book+1

Published: 2006-08-10 · Updated: 2017-07-20 · CVE-2006-4056

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

The Address Book versions 1.04e and earlier
The Address Book Reloaded versions prior to 2.0-rc4

Description

The issue concerns SQL injection vulnerabilities in the authentication process. Remote attackers can execute arbitrary SQL commands by manipulating the username or password parameters.

Recommendations

For The Address Book versions 1.04e and earlier, update to a version later than 1.04e. For The Address Book Reloaded versions prior to 2.0-rc4, update to version 2.0-rc4 or later. As a temporary workaround, consider restricting access to the authentication process to minimize the risk of exploitation.

Fix


Related identifiers

CVE-2006-4056

Affected products

The Address Book
The Address Book Reloaded