CVE-2009-3528
MyMsg 1.0.3 is vulnerable in profile.php (SQL injection) via the uid parameter in a show action. The OpenVAS entries confirm a remote-authenticated SQLi flaw that could allow arbitrary SQL execution. Impact is partial confidentiality, integrity, and availability, with a CVSS v2 base score of 6.5 ...