CVE-2007-4886

AuraCMS 1.x and 2.x - Remote Code Execution via pilih Parameter URL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4886. PoCs published by k1tk4t.

AI-analyzed exploit summary This exploit demonstrates a remote file attachment vulnerability in AuraCMS 2.1, allowing arbitrary file uploads to the '/files/' directory, and a local file inclusion vulnerability due to improper input validation in 'index.php'. The PoC includes steps to upload a shell and access sensitive files via path traversal.

Description

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.

Exploits (1)

exploitdb WORKING POC VERIFIED

by k1tk4t · textwebappsphp

https://www.exploit-db.com/exploits/4390

View Code ZIP pw:eip

This exploit demonstrates a remote file attachment vulnerability in AuraCMS 2.1, allowing arbitrary file uploads to the '/files/' directory, and a local file inclusion vulnerability due to improper input validation in 'index.php'. The PoC includes steps to upload a shell and access sensitive files via path traversal.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: AuraCMS 2.1

No auth needed

Prerequisites: magic_quotes_gpc must be off · file upload functionality accessible

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1205 - Traffic Signaling T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources x_refsource_misc

http://www.auracms.org/?pilih=news&aksi=lihat&id=117

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/40506

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4390

Scores

EPSS 0.0207

EPSS Percentile 79.0%

Details

CWE

CWE-94

Status published

Products (10)

auracms/auracms 1.0

auracms/auracms 1.1

auracms/auracms 1.2

auracms/auracms 1.3

auracms/auracms 1.5

auracms/auracms 1.6_beta

auracms/auracms 1.61

auracms/auracms 1.62

auracms/auracms 2.0

auracms/auracms 2.1

Published Sep 14, 2007

Tracked Since Feb 18, 2026