Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-4804. PoCs published by k1tk4t.
AI-analyzed exploit summary This is a writeup detailing multiple SQL injection vulnerabilities in AuraCMS version 1.5rc. It provides examples of exploitable endpoints and payloads but does not include executable exploit code.
Description
Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.
Exploits (1)
This is a writeup detailing multiple SQL injection vulnerabilities in AuraCMS version 1.5rc. It provides examples of exploitable endpoints and payloads but does not include executable exploit code.