CyberSec.Space Logo
CVEブラウザに戻る

CVE-2006-3559

HIGH
7.5
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile36.16th
Published2006年7月13日
Last Modified2026年4月16日

Vulnerability Description

Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters.

Affected Platforms (CPE)

📦
Arif Supriyanto

Auracms

= 1.62

References & Advisories

🔗 http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt
🔗 http://securityreason.com/securityalert/1226
🔗 http://www.osvdb.org/28201
🔗 http://www.securityfocus.com/archive/1/439494/100/0/threaded
🔗 http://www.securityfocus.com/bid/18867
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/27705
🔗 http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt
🔗 http://securityreason.com/securityalert/1226

関連する脆弱性情報

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...

CVE-2018-163388.8

An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?m...

CVE-2007-41717.5

SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to exe...

CVE-2007-48047.5

Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parame...