VYPR
Vendor: Auracms

Products: 4
CVEs: 22
Across products: 24
Status: Private

Recent CVEs: 22
  • CVE-2018-16338 | High | Sep 2, 2018
    risk 0.57 | cvss 8.8 | epss 0.00

    An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic.

  • CVE-2018-15199 | Medium | Aug 8, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action.

  • CVE-2014-3975 | Jun 5, 2014
    risk 0.04 | epss 0.07

    Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter.

  • CVE-2007-4905 | Sep 17, 2007
    risk 0.04 | epss 0.07

    Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/.

  • CVE-2014-3974 | Jun 5, 2014
    risk 0.03 | epss 0.03

    Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter.

  • CVE-2010-4774 | Mar 23, 2011
    risk 0.03 | epss 0.01

    SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.

  • CVE-2008-3203 | Jul 17, 2008
    risk 0.03 | epss 0.03

    js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.

  • CVE-2008-1715 | Apr 9, 2008
    risk 0.03 | epss 0.01

    SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.

  • CVE-2008-1398 | Mar 20, 2008
    risk 0.03 | epss 0.01

    SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.

  • CVE-2008-0811 | Feb 19, 2008
    risk 0.03 | epss 0.01

    Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.

  • CVE-2008-0735 | Feb 13, 2008
    risk 0.03 | epss 0.02

    SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.

  • CVE-2008-0390 | Jan 23, 2008
    risk 0.03 | epss 0.02

    stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.

  • CVE-2007-6552 | Dec 28, 2007
    risk 0.03 | epss 0.02

    Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php…

  • CVE-2007-4908 | Sep 17, 2007
    risk 0.03 | epss 0.03

    Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter.

  • CVE-2007-4886 | Sep 14, 2007
    risk 0.03 | epss 0.02

    Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is…

  • CVE-2007-4804 | Sep 11, 2007
    risk 0.03 | epss 0.03

    Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be…

  • CVE-2007-4171 | Aug 7, 2007
    risk 0.03 | epss 0.01

    SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information.

  • CVE-2014-1401 | Feb 11, 2014
    risk 0.00 | epss 0.03

    Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6)…

  • CVE-2006-3558 | Jul 13, 2006
    risk 0.00 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when…

  • CVE-2006-3559 | Jul 13, 2006
    risk 0.00 | epss 0.01

    Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters.