2 matches found
Sql injection
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171...
CVE-2007-4804
AuraCMS 1.5rc is affected by multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands through the id parameter in hal.php, cetak.php, lihat.php, pesan.php, and teman.php. In some cases the scripts are reachable via requests to the product’s top-level UR...