VYPR
Unrated severityNVD Advisory· Published Sep 14, 2007· Updated Jun 16, 2026

CVE-2007-4886

CVE-2007-4886

Description

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Auracms/Auracms11 versions
    cpe:2.3:a:auracms:auracms:1.0:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:auracms:auracms:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:auracms:auracms:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:auracms:auracms:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:auracms:auracms:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:auracms:auracms:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:auracms:auracms:1.61:*:*:*:*:*:*:*
    • cpe:2.3:a:auracms:auracms:1.62:*:*:*:*:*:*:*
    • cpe:2.3:a:auracms:auracms:1.6_beta:*:*:*:*:*:*:*
    • cpe:2.3:a:auracms:auracms:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:auracms:auracms:2.1:*:*:*:*:*:*:*
    • (no CPE)range: 1.x and probably 2.x

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.