Description
Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.
Exploits (1)
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36519
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38411
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38412
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38413
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25614
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38409
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38410
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/4385
Scores
EPSS
0.0068
EPSS Percentile
71.7%
Details
CWE
CWE-89
Status
published
Products (1)
auracms/auracms
1.5_rc
Published
Sep 11, 2007
Tracked Since
Feb 18, 2026