CVE-2007-4886

2007-09-1400:00:00

mitre

www.cve.org

7.6 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

JSON

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.