CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-0390

stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.028

EPSS Ranking 85.7%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/27342
https://exchange.xforce.ibmcloud.com/vulnerabilities/39777
https://www.exploit-db.com/exploits/4933
http://www.securityfocus.com/bid/27342
https://exchange.xforce.ibmcloud.com/vulnerabilities/39777
https://www.exploit-db.com/exploits/4933

Products affected by CVE-2008-0390

Auracms » Auracms » Version: 1.62

cpe:2.3:a:auracms:auracms:1.62
Auracms » Mod Block Statistik » Version: Any

cpe:2.3:a:auracms:mod_block_statistik:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-0390

Products

Pricing

Contact Us