Auracms@2.0 Security Vulnerabilities and Issues — Auracms@2.0 CVE List

Lucene search

AuracmsAuracms2.0

4 matches found

CVE•added 2014/02/11 5:55 p.m.•40 views

CVE-2014-1401

Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to ind...

6.5CVSS8.2AI score0.02678EPSS

CVE•added 2007/09/14 12:17 a.m.•34 views

CVE-2007-4886

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs...

6.8CVSS7.6AI score0.01326EPSS

CVE•added 2007/09/17 4:17 p.m.•33 views

CVE-2007-4908

Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter.

7.5CVSS7.1AI score0.05367EPSS

CVE•added 2008/03/20 10:44 a.m.•29 views

CVE-2008-1398

SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.

6.8CVSS8.4AI score0.00284EPSS