
Test ID: 1.3.6.1.4.1.25623.1.0.801408
Category: Web application abuses
Title: phpaaCMS 'id' Parameter SQL Injection Vulnerabilities
Summary: phpaaCMS is prone to multiple SQL injection (SQLi) vulnerabilities.
Description:

Vulnerability Insight:
The flaws are due to input validation errors in the 'show.php'
and 'list.php' scripts when processing the 'id' parameter, which could be
exploited by malicious people to conduct SQL injection attacks.

Vulnerability Impact:
Successful exploitation allows an attacker to view, add, modify
or delete information in the back-end database.

Affected Software/OS:
phpaaCMS 0.3.1 UTF-8

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution
options are to upgrade to a newer release, disable the respective features,
remove the product, or replace the product with another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-2719
BugTraq ID: 41341
http://www.securityfocus.com/bid/41341
http://www.exploit-db.com/exploits/14199
http://osvdb.org/65994
http://secunia.com/advisories/40450
http://www.vupen.com/english/advisories/2010/1690
XForce ISS Database: phpaacms-show-sql-injection(60075)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60075
Common Vulnerability Exposure (CVE) ID: CVE-2010-2720
http://www.exploit-db.com/exploits/14201
http://osvdb.org/65995
XForce ISS Database: phpaacms-list-sql-injection(60076)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60076
Copyright: Copyright (C) 2010 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.