Multiple SQL injection vulnerabilities in AuraCMS 2.3 and previous versions allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
auracms auracms 2.2.2 |
||
auracms auracms 1.5 |
||
auracms auracms 2.1 |
||
auracms auracms 2.2 |
||
auracms auracms 2.2.1 |
||
auracms auracms 1.62 |
||
auracms auracms 2.0 |
||
auracms auracms 1.1 |
||
auracms auracms 1.0 |
||
auracms auracms |
||
auracms auracms 1.61 |
||
auracms auracms 1.3 |
||
auracms auracms 1.2 |