CVE-2011-1546

Published: 04/04/2011 Updated: 09/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) prior to 0.95.3 allow remote malicious users to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.

Vulnerable Product

aphpkb aphpkb 0.94.8

aphpkb aphpkb 0.94.7

aphpkb aphpkb 0.93.9

aphpkb aphpkb 0.93.8

aphpkb aphpkb 0.93.1

aphpkb aphpkb 0.95

aphpkb aphpkb 0.94.9

aphpkb aphpkb 0.94.2

aphpkb aphpkb 0.94.1

aphpkb aphpkb 0.93.3

aphpkb aphpkb 0.93.2

aphpkb aphpkb 0.92.2

aphpkb aphpkb 0.92.1

aphpkb aphpkb 0.88.6

aphpkb aphpkb 0.88.5

aphpkb aphpkb 0.82

aphpkb aphpkb 0.81

aphpkb aphpkb 0.80

aphpkb aphpkb 0.73

aphpkb aphpkb 0.72

aphpkb aphpkb 0.63

aphpkb aphpkb 0.62

aphpkb aphpkb 0.54

aphpkb aphpkb 0.53

aphpkb aphpkb 0.42

aphpkb aphpkb 0.41

aphpkb aphpkb 0.33

aphpkb aphpkb 0.31

aphpkb aphpkb 0.92.8

aphpkb aphpkb 0.92.7

aphpkb aphpkb 0.92

aphpkb aphpkb 0.91

aphpkb aphpkb 0.88

aphpkb aphpkb 0.87

aphpkb aphpkb 0.79

aphpkb aphpkb 0.78

aphpkb aphpkb 0.71

aphpkb aphpkb 0.70

aphpkb aphpkb 0.61

aphpkb aphpkb 0.6

aphpkb aphpkb 0.52

aphpkb aphpkb 0.51

aphpkb aphpkb 0.4

aphpkb aphpkb 0.39

aphpkb aphpkb 0.3

aphpkb aphpkb 0.21

aphpkb aphpkb

aphpkb aphpkb 0.95.1

aphpkb aphpkb 0.94.4

aphpkb aphpkb 0.94.3

aphpkb aphpkb 0.93.5

aphpkb aphpkb 0.93.4

aphpkb aphpkb 0.92.4

aphpkb aphpkb 0.92.3

aphpkb aphpkb 0.88.8

aphpkb aphpkb 0.88.7

aphpkb aphpkb 0.84

aphpkb aphpkb 0.83

aphpkb aphpkb 0.75

aphpkb aphpkb 0.74

aphpkb aphpkb 0.65

aphpkb aphpkb 0.64

aphpkb aphpkb 0.57

aphpkb aphpkb 0.56

aphpkb aphpkb 0.55

aphpkb aphpkb 0.44

aphpkb aphpkb 0.43

aphpkb aphpkb 0.361

aphpkb aphpkb 0.35

aphpkb aphpkb 0.92.9

aphpkb aphpkb 0.94.6

aphpkb aphpkb 0.94.5

aphpkb aphpkb 0.93.7

aphpkb aphpkb 0.93.6

aphpkb aphpkb 0.92.6

aphpkb aphpkb 0.92.5

aphpkb aphpkb 0.9

aphpkb aphpkb 0.89

aphpkb aphpkb 0.86

aphpkb aphpkb 0.85

aphpkb aphpkb 0.77

aphpkb aphpkb 0.76

aphpkb aphpkb 0.67

aphpkb aphpkb 0.66

aphpkb aphpkb 0.59

aphpkb aphpkb 0.58

aphpkb aphpkb 0.5

aphpkb aphpkb 0.45

aphpkb aphpkb 0.38

aphpkb aphpkb 0.371

aphpkb aphpkb 0.2

aphpkb aphpkb 0.1

Exploits

'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546)
Mark Stanislav - markstanislav@gmail.com

I. DESCRIPTION
---------------------------------------
A vulnerability exists in a_viewusers.php allowing for SQL injection of the 's' query parameter.

II. TESTED VERSION
---------------------------------------
0.95.2

III. PoC EXP ...

Andy's PHP Knowledgebase version 0.95.2 suffers from a remote SQL injection vulnerability ...