cpe:/a:mambo:mambo cpe:/a:parkview_consultants:simplefaq:2.11 cpe:/a:parkview_consultants:simplefaq:2.40 CVE-2007-4456 2007-08-21T17:17:00.000-04:00 2017-09-28T21:29:17.203-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-08-22T10:17:00.000-04:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20070820 Joomla Component SimpleFAQ V2.11 - Remote SQL Injection BUGTRAQ 20070820 Mambo Component SimpleFAQ V2.11 - Remote SQL Injection BID 25376 SECUNIA 26556 SREASON 3041 EXPLOIT-DB 4296 XF simplefaq-index-sql-injection(36113) SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo.