Vulnerabilities > Aphpkb > Aphpkb > 0.95.4

DATE CVE VULNERABILITY TITLE RISK
2014-01-10 CVE-2013-7289 Cross-Site Scripting vulnerability in Aphpkb
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) email, or (4) username parameter.
network
aphpkb CWE-79
4.3
4.3
2014-01-08 CVE-2013-7277 Cross-Site Scripting vulnerability in Aphpkb
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php.
network
aphpkb CWE-79
4.3
4.3
2011-04-04 CVE-2011-1556 SQL Injection vulnerability in Aphpkb 0.95.4
SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter.
network
aphpkb CWE-89
6.8
6.8