Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Aphpkb Andy's PHP Knowledgebase多个SQL注入漏洞
Vulnerability Description
Andy's PHP Knowledgebase(Aphpkb)是一套使用MySQL作为数据存储的知识库管理系统。该系统提供了搜索、标签、文章提交等功能。 Andy's PHP Knowledgebase(Aphpkb)0.95.3之前版本中存在多个SQL注入漏洞。远程攻击者可以借助向(1)a_viewusers.php或者(2)keysearch.php传递的s参数执行任意SQL命令;向pending.php传递的(3)id或(4)start参数,或者(5)向a_authordetails.php传递的
CVSS Information
N/A
Vulnerability Type
N/A