CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-4804

HIGH
7.5
CVSS Severity Score
EPSS Score0.1020%
EPSS Percentile27.83th
Published2007年9月11日
Last Modified2026年4月23日

Vulnerability Description

Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.

Affected Platforms (CPE)

📦
Auracms

Auracms

= 1.5_rc

References & Advisories

🔗 http://osvdb.org/38409
🔗 http://osvdb.org/38410
🔗 http://osvdb.org/38411
🔗 http://osvdb.org/38412
🔗 http://osvdb.org/38413
🔗 http://www.securityfocus.com/bid/25614
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/36519
🔗 https://www.exploit-db.com/exploits/4385

相關漏洞威脅

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...

CVE-2018-163388.8

An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?m...

CVE-2007-41717.5

SQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to exe...

CVE-2006-35597.5

Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands an...