Vulnerability Details CVE-2007-4886
Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 79.1%
CVSS Severity
CVSS v2 Score 6.8
References
Products affected by CVE-2007-4886
-
cpe:2.3:a:auracms:auracms:1.0
-
cpe:2.3:a:auracms:auracms:1.1
-
cpe:2.3:a:auracms:auracms:1.2
-
cpe:2.3:a:auracms:auracms:1.3
-
cpe:2.3:a:auracms:auracms:1.5
-
cpe:2.3:a:auracms:auracms:1.61
-
cpe:2.3:a:auracms:auracms:1.62
-
cpe:2.3:a:auracms:auracms:1.6_beta
-
cpe:2.3:a:auracms:auracms:2.0
-
cpe:2.3:a:auracms:auracms:2.1