CVE-2011-1546

high
Published 2011-04-04 · Modified 2026-04-29
CVSS v3
—
CVSS v4
—
not yet in upstream
VIR risk
8.5

Description

Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.

Predictions

Exploit likelihood
20%
Patch ETA
—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-17084 webapps php verified
Mark Stanislav · 2011-03-30

Andy's PHP KnowledgeBase 0.95.2 - 'viewusers.php' SQL Injection

Application impact

Vendor    Product   Versions                     Fixed
aphpkb    aphpkb    {"endIncluding":"0.95.2"}
aphpkb    aphpkb    0.1
aphpkb    aphpkb    0.2
aphpkb    aphpkb    0.3
aphpkb    aphpkb    0.4
aphpkb    aphpkb    0.5
aphpkb    aphpkb    0.6
aphpkb    aphpkb    0.9
aphpkb    aphpkb    0.21
aphpkb    aphpkb    0.31
aphpkb    aphpkb    0.33
aphpkb    aphpkb    0.35
aphpkb    aphpkb    0.38
aphpkb    aphpkb    0.39
aphpkb    aphpkb    0.41
aphpkb    aphpkb    0.42
aphpkb    aphpkb    0.43
aphpkb    aphpkb    0.44
aphpkb    aphpkb    0.45
aphpkb    aphpkb    0.51
aphpkb    aphpkb    0.52
aphpkb    aphpkb    0.53
aphpkb    aphpkb    0.54
aphpkb    aphpkb    0.55
aphpkb    aphpkb    0.56
aphpkb    aphpkb    0.57
aphpkb    aphpkb    0.58
aphpkb    aphpkb    0.59
aphpkb    aphpkb    0.61
aphpkb    aphpkb    0.62
aphpkb    aphpkb    0.63
aphpkb    aphpkb    0.64
aphpkb    aphpkb    0.65
aphpkb    aphpkb    0.66
aphpkb    aphpkb    0.67
aphpkb    aphpkb    0.70
aphpkb    aphpkb    0.71
aphpkb    aphpkb    0.72
aphpkb    aphpkb    0.73
aphpkb    aphpkb    0.74
aphpkb    aphpkb    0.75
aphpkb    aphpkb    0.76
aphpkb    aphpkb    0.77
aphpkb    aphpkb    0.78
aphpkb    aphpkb    0.79
aphpkb    aphpkb    0.80
aphpkb    aphpkb    0.81
aphpkb    aphpkb    0.82
aphpkb    aphpkb    0.83
aphpkb    aphpkb    0.84
aphpkb    aphpkb    0.85
aphpkb    aphpkb    0.86
aphpkb    aphpkb    0.87
aphpkb    aphpkb    0.88
aphpkb    aphpkb    0.88.5
aphpkb    aphpkb    0.88.6
aphpkb    aphpkb    0.88.7
aphpkb    aphpkb    0.88.8
aphpkb    aphpkb    0.89
aphpkb    aphpkb    0.91
aphpkb    aphpkb    0.92
aphpkb    aphpkb    0.92.1
aphpkb    aphpkb    0.92.2
aphpkb    aphpkb    0.92.3
aphpkb    aphpkb    0.92.4
aphpkb    aphpkb    0.92.5
aphpkb    aphpkb    0.92.6
aphpkb    aphpkb    0.92.7
aphpkb    aphpkb    0.92.8
aphpkb    aphpkb    0.92.9
aphpkb    aphpkb    0.93.1
aphpkb    aphpkb    0.93.2
aphpkb    aphpkb    0.93.3
aphpkb    aphpkb    0.93.4
aphpkb    aphpkb    0.93.5
aphpkb    aphpkb    0.93.6
aphpkb    aphpkb    0.93.7
aphpkb    aphpkb    0.93.8
aphpkb    aphpkb    0.93.9
aphpkb    aphpkb    0.94.1
aphpkb    aphpkb    0.94.2
aphpkb    aphpkb    0.94.3
aphpkb    aphpkb    0.94.4
aphpkb    aphpkb    0.94.5
aphpkb    aphpkb    0.94.6
aphpkb    aphpkb    0.94.7
aphpkb    aphpkb    0.94.8
aphpkb    aphpkb    0.94.9
aphpkb    aphpkb    0.95
aphpkb    aphpkb    0.95.1
aphpkb    aphpkb    0.361
aphpkb    aphpkb    0.371

References

CWEs

CWE-89