Unrated severityNVD Advisory· Published Sep 14, 2007· Updated Jun 16, 2026
CVE-2007-4886
CVE-2007-4886
Description
Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:a:auracms:auracms:1.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:auracms:auracms:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:auracms:auracms:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:auracms:auracms:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:auracms:auracms:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:auracms:auracms:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:auracms:auracms:1.61:*:*:*:*:*:*:*
- cpe:2.3:a:auracms:auracms:1.62:*:*:*:*:*:*:*
- cpe:2.3:a:auracms:auracms:1.6_beta:*:*:*:*:*:*:*
- cpe:2.3:a:auracms:auracms:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:auracms:auracms:2.1:*:*:*:*:*:*:*
- (no CPE)range: 1.x and probably 2.x
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.