VYPR
Unrated severityNVD Advisory· Published Sep 11, 2007· Updated Jun 16, 2026

CVE-2007-4804

CVE-2007-4804

Description

Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Auracms/Auracms2 versions
    cpe:2.3:a:auracms:auracms:1.5_rc:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:auracms:auracms:1.5_rc:*:*:*:*:*:*:*
    • (no CPE)range: 1.5rc

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.