RSS   Vulnerabilities for 'Phpabook'   RSS

2022-06-02
 
CVE-2022-30352

CWE-89
 

 
phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script.

 
2020-02-03
 
CVE-2020-8510

CWE-287
 

 
An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password.

 


Copyright 2024, cxsecurity.com

 

Back to Top