CVE-2010-2719

In the provided documents, phpaaCMS shows a SQL injection in show.php via the id parameter (version 0.3.1 UTF-8; potentially other versions). The root cause is improper input handling that allows remote attackers to execute arbitrary SQL commands. The OpenVAS entry explicitly notes multiple SQL i...

CVE-2010-2720

CVE-2010-2720 affects phpaaCMS up to version 0.3.1 UTF-8, with a vulnerability in the list.php that allows an attacker to pass the id parameter to trigger an unauthenticated SQL injection and execute arbitrary SQL commands. The CVE has a published base CVSS v2 score of 7.5 (HIGH). A related OpenV...