CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Auracms: >> Auracms >> 1.6_beta Security Vulnerabilities

CVE-2007-4886

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.

CVSS Score

6.8

EPSS Score

0.013

Published

2007-09-14

Page 1

Vulnerabilities

Vulnerable Software

Auracms: >> Auracms >> 1.6_beta Security Vulnerabilities

Products

Pricing

Contact Us