CVE-2008-0390

Auracms - Code Injection

Title source: rule

Description

stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by k1tk4t · perlwebappsphp

https://www.exploit-db.com/exploits/4933

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/27342

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4933

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39777

Scores

EPSS 0.0452

EPSS Percentile 89.2%

Details

CWE

CWE-94

Status published

Products (2)

auracms/auracms 1.62

auracms/mod_block_statistik

Published Jan 23, 2008

Tracked Since Feb 18, 2026