PT-2022-20072 · Phpbook · Phpabook
Published: 2022-05-27 · Updated: 2022-06-10 · CVE-2022-30352
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
phpABook version 0.9i
Description
The issue arises from insufficient sanitization of user-supplied data in the auth user parameter, leading to SQL Injection. This occurs in the index.php script.
Recommendations
For phpABook version 0.9i, consider sanitizing user input for the auth user parameter in the index.php script to prevent SQL Injection attacks. As a temporary workaround, restrict access to the index.php script until a proper fix is applied.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Phpabook