{"vuid":"VU#183692","idnumber":"183692","name":"PHP Address Book sqli vulnerability","keywords":["php","address book","cwe-89"],"overview":"PHP Address Book web application is vulnerable to multiple sqli injection vulnerabilities.","clean_desc":"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nPHP Address Book 8.2.5 and possibly older versions fail to sanitize input from multiple functions. http://www.example.com/addressbook/register/checklogin.php?username={insert}&password=pass\nhttp://www.example.com/addressbook/register/admin_index.php?q={insert}\nhttp://www.example.com/addressbook/register/delete_user.php?id={insert}\nhttp://www.example.com/addressbook/register/edit_user.php?id={insert} Additional information on vulnerable functions can be found at Acadion Security advisory.","impact":"A remote unauthenticated attacker may be able to run a subset of SQL commands against the back-end database.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"Restrict access As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent SQLi attacks since the attack comes as an SQL request from a legitimate user's host. Restricting access would prevent an attacker from accessing a web interface using stolen credentials from a blocked network location.","sysaffected":"","thanks":"Thanks to Jurgen Voorneveld of Acadion Security for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://cwe.mitre.org/data/definitions/89.html","http://sourceforge.net/projects/php-addressbook/","http://www.acadion.nl/labs/advisory/20130203-phpaddressbook.html"],"cveids":["CVE-2013-0135"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-02-18T15:20:57Z","publicdate":"2013-04-05T00:00:00Z","datefirstpublished":"2013-04-05T16:50:27Z","dateupdated":"2013-04-05T18:00:24Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"L","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:P/A:P","cvss_temporalscore":"6.5","cvss_environmentalscore":"1.7","cvss_environmentalvector":"CDP:L/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}