ID de Prueba:	1.3.6.1.4.1.25623.1.0.103135
Categoría:	Web application abuses
Título:	Andy's PHP Knowledgebase 's' Parameter SQL Injection Vulnerability
Resumen:	Andy's PHP Knowledgebase is prone to an SQL-injection vulnerability; because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Descripción:	Summary: Andy's PHP Knowledgebase is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Vulnerability Impact: Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Affected Software/OS: Andy's PHP Knowledgebase 0.95.2 is vulnerable. Other versions may also be affected. Solution: Updates are available. Please contact the vendor for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1546 BugTraq ID: 47097 http://www.securityfocus.com/bid/47097 Bugtraq: 20110330 'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546) (Google Search) http://www.securityfocus.com/archive/1/517261/100/0/threaded http://www.exploit-db.com/exploits/17084/ http://www.uncompiled.com/2011/03/cve-2011-1546/ http://secunia.com/advisories/34476 http://securityreason.com/securityalert/8168 http://securityreason.com/securityalert/8172 http://www.vupen.com/english/advisories/2011/0802 XForce ISS Database: aphpkb-aviewusers-sql-injection(66500) https://exchange.xforce.ibmcloud.com/vulnerabilities/66500
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.