CVE-2011-1546

Name of the Vulnerable Software and Affected Versions Aphpkb versions prior to 0.95.3

Description The issue allows remote attackers to execute arbitrary SQL commands, potentially leading to data manipulation or extraction. This can be achieved through various API endpoints, including "a viewusers.php" and "keysearch.php" via the s parameter, and for authenticated administrators, through "pending.php" via the id or start parameters, or "a authordetails.php" via the aid parameter.

Recommendations For versions prior to 0.95.3, update to version 0.95.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints, such as "a viewusers.php", "keysearch.php", "pending.php", and "a authordetails.php", until the update is applied. Additionally, limit the use of the vulnerable parameters s, id, start, and aid in these endpoints to minimize the risk of exploitation.