CVE-2011-1555

Current Description

SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information.

Basic Data

Published: April 04, 2011
Last Modified: April 05, 2011
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-89
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
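    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Aphpkb | Aphpkb | 0.1 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.2 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.3 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.4 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.5 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.6 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.9 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.21 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.31 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.33 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.35 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.38 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.39 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.41 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.42 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.43 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.44 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.45 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.51 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.52 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.53 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.54 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.55 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.56 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.57 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.58 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.59 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.61 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.62 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.63 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.64 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.65 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.66 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.67 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.70 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.71 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.72 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.73 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.74 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.75 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.76 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.77 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.78 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.79 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.80 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.81 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.82 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.83 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.84 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.85 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.86 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.87 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.88 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.88.5 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.88.6 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.88.7 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.88.8 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.89 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.91 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.92 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.92.1 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.92.2 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.92.3 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.92.4 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.92.5 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.92.6 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.92.7 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.92.8 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.92.9 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.93.1 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.93.2 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.93.3 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.93.4 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.93.5 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.93.6 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.93.7 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.93.8 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.93.9 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.94.1 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.94.2 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.94.3 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.94.4 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.94.5 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.94.6 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.94.7 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.94.8 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.94.9 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.95 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.95.1 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.95.2 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | * | * | * | * | * | * | * | * | - | 0.95.3 | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.361 | * | * | * | * | * | * | * | - | - | - | -
    2.3 | Application | Aphpkb | Aphpkb | 0.371 | * | * | * | * | * | * | * | - | - | - | -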

Vulnerable Software List

Vendor | Product | Versions
Aphpkb | Aphpkb | *, 0.1, 0.2, 0.21, 0.3, 0.31, 0.33, 0.35, 0.361, 0.371, 0.38, 0.39, 0.4, 0.41, 0.42, 0.43, 0.44, 0.45, 0.5, 0.51, 0.52, 0.53, 0.54, 0.55, 0.56, 0.57, 0.58, 0.59, 0.6, 0.61, 0.62, 0.63, 0.64, 0.65, 0.66, 0.67, 0.70, 0.71, 0.72, 0.73, 0.74, 0.75, 0.76, 0.77, 0.78, 0.79, 0.80, 0.81, 0.82, 0.83, 0.84, 0.85, 0.86, 0.87, 0.88, 0.88.5, 0.88.6, 0.88.7, 0.88.8, 0.89, 0.9, 0.91, 0.92, 0.92.1, 0.92.2, 0.92.3, 0.92.4, 0.92.5, 0.92.6, 0.92.7, 0.92.8, 0.92.9, 0.93.1, 0.93.2, 0.93.3, 0.93.4, 0.93.5, 0.93.6, 0.93.7, 0.93.8, 0.93.9, 0.94.1, 0.94.2, 0.94.3, 0.94.4, 0.94.5, 0.94.6, 0.94.7, 0.94.8, 0.94.9, 0.95, 0.95.1, 0.95.2

References

Name | Source | URL | Tags
http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html | CONFIRM | http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html | Patch
34476 | SECUNIA | http://secunia.com/advisories/34476 | Vendor Advisory
ADV-2011-0802 | VUPEN | http://www.vupen.com/english/advisories/2011/0802 | Vendor Advisory