VYPR

Aurora CMS

by Aurora

CVEs (3)

  • CVE-2018-10666HigMay 3, 2018
    risk 0.49cvss 7.5epss 0.01

    The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. A new owner can subsequently modify variables.

  • CVE-2017-14597MedSep 19, 2017
    risk 0.31cvss 4.8epss 0.01

    AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.

  • CVE-2009-3365Sep 24, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.