2 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3

SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. Vulnerabilidad de inyección SQL en comment.php de PHP Knowledge Base (PHPKB) 1.5 y 2.0 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro ID. • https://www.exploit-db.com/exploits/5428 https://www.exploit-db.com/exploits/12561 http://secunia.com/advisories/29791 http://www.securityfocus.com/bid/28739 https://exchange.xforce.ibmcloud.com/vulnerabilities/41769 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all the mentioned issues and now the search section of PHPKB script is free from any XSS issues." • http://d4igoro.blogspot.com/2006/05/phpkb-knowledge-base-xss.html http://secunia.com/advisories/19913 http://www.attrition.org/pipermail/vim/2006-May/000753.html http://www.attrition.org/pipermail/vim/2006-May/000775.html http://www.vupen.com/english/advisories/2006/1628 •