Lucene search
HistoryJul 17, 2008 - 1:41 p.m.
CVE-2008-3203
cve-2008-3203
auracms
authentication bypass
web content manipulation
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
Low
0.042 Low
EPSS
Percentile
92.3%
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
Affected configurations
Node
auracmsauracmsMatch2.2
ORauracmsauracmsMatch2.2.1
ORauracmsauracmsMatch2.2.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| auracms:auracms | auracms | eq | 2.2 |
| auracms:auracms | auracms | eq | 2.2.1 |
| auracms:auracms | auracms | eq | 2.2.2 |
Related
nvd
nvd
CVE-2008-3203
2008-07-17 13:41:00
prion
prion
Authentication flaw
2008-07-17 13:41:00
cvelist
cvelist
CVE-2008-3203
2008-07-17 10:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.7 Medium
AI Score
Confidence
Low
0.042 Low
EPSS
Percentile
92.3%
Related for CVE-2008-3203