Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-1546
Last Modified 21 Sep 2011 11:30:28
Published 04 Apr 2011 08:27:38
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1546

Summary

Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Aphpkb 0.1

  • Aphpkb 0.2

  • Aphpkb 0.21

  • Aphpkb 0.3

  • Aphpkb 0.31

  • Aphpkb 0.33

  • Aphpkb 0.35

  • Aphpkb 0.361

  • Aphpkb 0.371

  • Aphpkb 0.38

  • Aphpkb 0.39

  • Aphpkb 0.4

  • Aphpkb 0.41

  • Aphpkb 0.42

  • Aphpkb 0.43

  • Aphpkb 0.44

  • Aphpkb 0.45

  • Aphpkb 0.5

  • Aphpkb 0.51

  • Aphpkb 0.52

  • Aphpkb 0.53

  • Aphpkb 0.54

  • Aphpkb 0.55

  • Aphpkb 0.56

  • Aphpkb 0.57

  • Aphpkb 0.58

  • Aphpkb 0.59

  • Aphpkb 0.6

  • Aphpkb 0.61

  • Aphpkb 0.62

  • Aphpkb 0.63

  • Aphpkb 0.64

  • Aphpkb 0.65

  • Aphpkb 0.66

  • Aphpkb 0.67

  • Aphpkb 0.70

  • Aphpkb 0.71

  • Aphpkb 0.72

  • Aphpkb 0.73

  • Aphpkb 0.74

  • Aphpkb 0.75

  • Aphpkb 0.76

  • Aphpkb 0.77

  • Aphpkb 0.78

  • Aphpkb 0.79

  • Aphpkb 0.80

  • Aphpkb 0.81

  • Aphpkb 0.82

  • Aphpkb 0.83

  • Aphpkb 0.84

  • Aphpkb 0.85

  • Aphpkb 0.86

  • Aphpkb 0.87

  • Aphpkb 0.88

  • Aphpkb 0.88.5

  • Aphpkb 0.88.6

  • Aphpkb 0.88.7

  • Aphpkb 0.88.8

  • Aphpkb 0.89

  • Aphpkb 0.9

  • Aphpkb 0.91

  • Aphpkb 0.92

  • Aphpkb 0.92.1

  • Aphpkb 0.92.2

  • Aphpkb 0.92.3

  • Aphpkb 0.92.4

  • Aphpkb 0.92.5

  • Aphpkb 0.92.6

  • Aphpkb 0.92.7

  • Aphpkb 0.92.8

  • Aphpkb 0.92.9

  • Aphpkb 0.93.1

  • Aphpkb 0.93.2

  • Aphpkb 0.93.3

  • Aphpkb 0.93.4

  • Aphpkb 0.93.5

  • Aphpkb 0.93.6

  • Aphpkb 0.93.7

  • Aphpkb 0.93.8

  • Aphpkb 0.93.9

  • Aphpkb 0.94.1

  • Aphpkb 0.94.2

  • Aphpkb 0.94.3

  • Aphpkb 0.94.4

  • Aphpkb 0.94.5

  • Aphpkb 0.94.6

  • Aphpkb 0.94.7

  • Aphpkb 0.94.8

  • Aphpkb 0.94.9

  • Aphpkb 0.95

  • Aphpkb 0.95.1

  • Aphpkb 0.95.2


References

CONFIRM - http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html

XF - aphpkb-aviewusers-sql-injection(66500)

VUPEN - ADV-2011-0802

MISC - http://www.uncompiled.com/2011/03/cve-2011-1546/

BID - 47097

BUGTRAQ - 20110330 'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546)

EXPLOIT-DB - 17084

SREASON - 8172

SREASON - 8168

SECUNIA - 34476


Last Updated: 27 May 2016 10:56:22