PhpaaCMS 'id' Parameter SQL Injection Vulnerabilities Network Vulnerability

Summary

This host is running phpaaCMS and is prone SQL injection vulnerabilities.

Impact

Successful exploitation will allow attacker to view, add, modify or delete information in the back-end database. Impact Level: Application.

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaws are due to input validation errors in the 'show.php' and 'list.php' scripts when processing the 'id' parameter, which could be exploited by malicious people to conduct SQL injection attacks.

Affected

phpaaCMS 0.3.1 UTF-8

References

http://secunia.com/advisories/40450
http://www.exploit-db.com/exploits/14199/
http://www.exploit-db.com/exploits/14201/
http://www.vupen.com/english/advisories/2010/1690

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2719, CVE-2010-2720

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
A-Blog 'sources/search.php' SQL Injection Vulnerability
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
AdMentor Login Flaw
Atmail Multiple Unspecified Security Vulnerabilities.

phpaaCMS 'id' Parameter SQL Injection Vulnerabilities

Take action and discover your vulnerabilities