vendor:
PHPKB Knowledge Base Software
by:
d3v1l
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHPKB Knowledge Base Software
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE: N/A
CPE: a:knowledgebase-script:phpkb_knowledge_base_software
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2007
PHPKB Knowledge Base Software v1.5 Professional (question.php) – SQL Injection Vulnerability
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable parameter in the HTTP request. This can allow an attacker to gain access to sensitive information such as usernames and passwords stored in the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.