Описание
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2011-1546
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66500
- http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html
- http://secunia.com/advisories/34476
- http://securityreason.com/securityalert/8168
- http://securityreason.com/securityalert/8172
- http://www.exploit-db.com/exploits/17084
- http://www.securityfocus.com/archive/1/517261/100/0/threaded
- http://www.securityfocus.com/bid/47097
- http://www.uncompiled.com/2011/03/cve-2011-1546
- http://www.vupen.com/english/advisories/2011/0802
Связанные уязвимости
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.