CVE-2018-16338

HIGH

8.8

CVSS Severity Score

EPSS Score0.0660%

EPSS Percentile30.78th

PublishedSep 2, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic.

Affected Platforms (CPE)

📦

Auracms

= 2.3

References & Advisories

🔗 https://github.com/auracms/AuraCMS/issues/3

Related Vulnerabilities

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...

CVE-2007-41717.5

SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to exe...

CVE-2006-35597.5

Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands an...

CVE-2007-48047.5

Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parame...