CVE-2011-1546
Published 2011-04-04
Priority: P345 · Severity: high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.75% (75.0th percentile)
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.
Affected
95 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aphpkb | aphpkb | <= 0.95.2 | — |
| aphpkb | aphpkb | <= 0.95.3 | — |
| aphpkb | aphpkb | — | — |
GHSA
GHSA-2c5c-cr43-hgwm: SQL injection vulnerability in saa
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2011-1555 [HIGH] CWE-89 GHSA-2c5c-cr43-hgwm: SQL injection vulnerability in saa
SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-v9hw-w7vj-4pv9: SQL injection vulnerability in ICloudCenter ICJobSite 1
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2011-1557 [HIGH] CWE-89 GHSA-v9hw-w7vj-4pv9: SQL injection vulnerability in ICloudCenter ICJobSite 1
SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
GHSA
GHSA-rp8m-q5pp-m86r: Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0
ghsa_unreviewed·2022-05-14
CVE-2011-1546 [HIGH] CWE-89 GHSA-rp8m-q5pp-m86r: Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.
http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html
http://secunia.com/advisories/34476
http://securityreason.com/securityalert/8168
http://securityreason.com/securityalert/8172
http://www.exploit-db.com/exploits/17084/
http://www.securityfocus.com/archive/1/517261/100/0/threaded
http://www.securityfocus.com/bid/47097
http://www.uncompiled.com/2011/03/cve-2011-1546/
http://www.vupen.com/english/advisories/2011/0802
https://exchange.xforce.ibmcloud.com/vulnerabilities/66500
Published: 2011-04-04