js/pages/pages_data.php in AuraCMS 2.2 up to and including 2.2.2 does not perform authentication, which allows remote malicious users to add, edit, and delete web content via a modified id parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
auracms auracms 2.2.2 |
||
auracms auracms 2.2 |
||
auracms auracms 2.2.1 |