Vulnerabilities
Vulnerable Software
Auracms:  >> Auracms  >> 1.62  Security Vulnerabilities
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.
CVSS Score
6.5
EPSS Score
0.03
Published
2014-02-11
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.
CVSS Score
7.5
EPSS Score
0.009
Published
2011-03-23
Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.
CVSS Score
7.5
EPSS Score
0.01
Published
2008-02-19
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.
CVSS Score
7.5
EPSS Score
0.023
Published
2008-01-23
Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter.
CVSS Score
7.5
EPSS Score
0.028
Published
2007-09-17
Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.
CVSS Score
6.8
EPSS Score
0.021
Published
2007-09-14


Contact Us

Shodan ® - All rights reserved