Disclosure: Andy’s PHP Knowledgebase (aphpkb) Multiple Vulnerabilities

[This was originally published on OSVDB, now gone. VulnDB IDs 24310, 24311, 24312]

From: security curmudgeon
To: aphpkb-devel[at]lists.sourceforge.net
Date: Mon, 27 Mar 2006 12:32:18 -0500 (EST)
Subject: Andy’s PHP Knowledgebase (aphpkb) security vulnerability

Hi Andy,

While playing around with your knowledgebase program, I noticed that a few places didn’t sanitize user input, allowing for cross-site scripting (XSS) attacks. The following pages and variables are affected:

index.php keyword_list
submit_article.php title, article, author, keywords
submit_question.php Question, Name, Email

This was tested on version 0.57

Leave a Reply