15 matches found
CVE-2013-7289
The CVE identifies multiple cross-site scripting (XSS) vulnerabilities in Andy’s PHP Knowledgebase (Aphpkb) before version 0.95.8, exploitable via the register.php endpoint. Specifically, the first_name, last_name, email, or username parameters can be injected with malicious script/HTML to affect...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php...
CVE-2013-7277
Andy’s PHP Knowledgebase (Aphpkb) is affected by CVE-2013-7277 via multiple XSS vectors in versions before 0.95.8: (1) HTTP Referer header to saa.php, (2) username parameter to login.php, and (3) keyword_list parameter to keysearch.php. The underlying issue enables a remote attacker to inject arb...
CVE-2013-7277
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php...
Aphpkb 0.95.4 PHP Execution
--PoC--...
CVE-2011-1555
SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information...
SQL injection
SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter...
SQL injection
SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information...
CVE-2011-1556
CVE-2011-1556 describes an SQL injection in Andy’s PHP Knowledgebase (Aphpkb) 0.95.4, specifically in plugins/pdfClasses/pdfgen.php where the pdfa parameter can be manipulated to execute arbitrary SQL commands remotely. Affected component is the pdfgen.php module within pdfClasses. The available ...
CVE-2011-1556
SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter...
CVE-2011-1546
CVE-2011-1546 affects Andy's PHP Knowledgebase (Aphpkb) prior to 0.95.3. Multiple SQL injection vulnerabilities exist in the application: via the s parameter to a_viewusers.php and keysearch.php; and via id, start (pending.php) or aid (a_authordetails.php) when accessed by authenticated admins. T...
CVE-2011-1555
CVE-2011-1555 affects Andy's PHP Knowledgebase (Aphpkb) up to version 0.95.3, via a SQL injection in saa.php exposed by the aid parameter. Public sources (NVD/Red Hat and related feeds) describe the vulnerability as allowing remote attackers to execute arbitrary SQL commands, with the impact limi...
CVE-2011-1555
SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information...
CVE-2006-1438
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4) author, and (5) keywords parameters to (b) submit_article.php; and (6) Question, (7)...
CVE-2006-1438
The CVE-2006-1438 entry corresponds to multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57. The affected components are PHP pages and parameters: (a) index.php via keyword_list, (b) submit_article.php via title, article, author, keywords, and (c) submit_q...