Back to CVE Browser

CVE-2007-4804

HIGH

7.5

CVSS Severity Score

EPSS Score0.1020%

EPSS Percentile27.83th

PublishedSep 11, 2007

Last ModifiedApr 23, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.

Affected Platforms (CPE)

📦

Auracms

Auracms

= 1.5_rc

References & Advisories

🔗 http://osvdb.org/38409

🔗 http://osvdb.org/38410

🔗 http://osvdb.org/38411

🔗 http://osvdb.org/38412

🔗 http://osvdb.org/38413

🔗 http://www.securityfocus.com/bid/25614

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/36519

🔗 https://www.exploit-db.com/exploits/4385

Related Vulnerabilities

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...

CVE-2018-163388.8

An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?m...

CVE-2007-41717.5

SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to exe...

CVE-2006-35597.5

Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands an...