PT-2006-4900 · Unknown · The Address Book+1

Published: 2006-08-10 · Updated: 2017-07-20 · CVE-2006-4056

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

The Address Book versions 1.04e and earlier
The Address Book Reloaded versions prior to 2.0-rc4

Description

The issue concerns SQL injection vulnerabilities in the authentication process. Remote attackers can execute arbitrary SQL commands by manipulating the username or password parameters.

Recommendations

For The Address Book versions 1.04e and earlier, update to a version later than 1.04e. For The Address Book Reloaded versions prior to 2.0-rc4, update to version 2.0-rc4 or later. As a temporary workaround, consider restricting access to the authentication process to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2006-4056

Affected Products

The Address Book
The Address Book Reloaded