Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
auracms auracms vulnerabilities and exploits
(subscribe to this query)
655
VMScore
CVE-2014-1401
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and previous versions allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6)...
Auracms Auracms 1.5
Auracms Auracms 2.2.2
Auracms Auracms 1.0
Auracms Auracms 2.0
Auracms Auracms
Auracms Auracms 1.1
Auracms Auracms 1.2
Auracms Auracms 1.3
Auracms Auracms 2.2.1
Auracms Auracms 2.1
Auracms Auracms 2.2
Auracms Auracms 1.61
Auracms Auracms 1.62
1 EDB exploit
685
VMScore
CVE-2007-4886
Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote malicious users to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is b...
Auracms Auracms 1.5
Auracms Auracms 1.0
Auracms Auracms 2.0
Auracms Auracms 1.1
Auracms Auracms 1.2
Auracms Auracms 1.6 Beta
Auracms Auracms 1.3
Auracms Auracms 2.1
Auracms Auracms 1.61
Auracms Auracms 1.62
1 EDB exploit
755
VMScore
CVE-2007-4908
Directory traversal vulnerability in index.php in AuraCMS 2.1 and previous versions allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter.
Auracms Auracms 1.5 Rc
Auracms Auracms 1.5
Auracms Auracms 1.0
Auracms Auracms 2.0
Auracms Auracms 2.1
Auracms Auracms 1.62
1 EDB exploit
755
VMScore
CVE-2008-3203
js/pages/pages_data.php in AuraCMS 2.2 up to and including 2.2.2 does not perform authentication, which allows remote malicious users to add, edit, and delete web content via a modified id parameter.
Auracms Auracms 2.2.2
Auracms Auracms 2.2.1
Auracms Auracms 2.2
1 EDB exploit
685
VMScore
CVE-2008-1398
SQL injection vulnerability in online.php in AuraCMS 2.0 up to and including 2.2.1 allows remote malicious users to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.
Auracms Auracms 2.0
Auracms Auracms 2.2.1
Auracms Auracms 2.1
1 EDB exploit
755
VMScore
CVE-2008-0390
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote malicious users to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.
Auracms Mod Block Statistik
Auracms Auracms 1.62
1 EDB exploit
685
VMScore
CVE-2008-1715
SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the country parameter.
Auracms Auracms
1 EDB exploit
435
VMScore
CVE-2014-3974
Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the viewdir parameter.
Auracms Auracms
1 EDB exploit
605
VMScore
CVE-2018-16338
An issue exists in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic.
Auracms Auracms 2.3
1000
VMScore
CVE-2008-0735
SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote malicious users to execute arbitrary SQL commands via the albums parameter.
Auracms Auracms 2.2
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »