Test ID:	1.3.6.1.4.1.25623.1.0.902608
Category:	Web application abuses
Title:	A Really Simple Chat Multiple SQL Injection Vulnerabilities
Summary:	A Really Simple Chat is prone to multiple SQL injection vulnerabilities.
Description:	Summary: A Really Simple Chat is prone to multiple SQL injection vulnerabilities. Vulnerability Insight: The flaws are due to improper validation of user supplied data to 'arsc_user parameter' in edit_user.php, 'arsc_layout_id' parameter in edit_layout.php and 'arsc_room' parameter in edit_room.php, which allows attacker to execute arbitrary SQL commands. Vulnerability Impact: Successful exploitation will allow attacker to alter queries to the SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data. Affected Software/OS: A Really Simple Chat version 3.3-rc2. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2181 http://www.htbridge.ch/advisory/multiple_sql_injections_in_a_really_simple_chat_arsc.html http://www.openwall.com/lists/oss-security/2011/06/02/1 http://www.openwall.com/lists/oss-security/2011/06/02/7
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.