Vulnerabilities > Auracms

DATE CVE VULNERABILITY TITLE RISK
2018-09-02 CVE-2018-16338 Cross-Site Request Forgery (CSRF) vulnerability in Auracms 2.3
An issue was discovered in AuraCMS 2.3.
network
auracms CWE-352
6.8
2018-08-08 CVE-2018-15199 Cross-site Scripting vulnerability in Auracms 2.3
AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action.
network
auracms CWE-79
3.5
2014-06-05 CVE-2014-3975 Path Traversal vulnerability in Auracms 3.0
Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter.
network
low complexity
auracms CWE-22
5.0
2014-06-05 CVE-2014-3974 Cross-Site Scripting vulnerability in Auracms 3.0
Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter.
network
auracms CWE-79
4.3
2014-02-11 CVE-2014-1401 SQL Injection vulnerability in Auracms
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.
network
low complexity
auracms CWE-89
6.5
2011-03-23 CVE-2010-4774 SQL Injection vulnerability in Auracms 1.62
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.
network
low complexity
auracms CWE-89
7.5
2008-07-17 CVE-2008-3203 Improper Authentication vulnerability in Auracms 2.2/2.2.1/2.2.2
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
network
low complexity
auracms CWE-287
7.5
2008-04-09 CVE-2008-1715 SQL Injection vulnerability in Auracms
SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.
network
auracms CWE-89
6.8
2008-03-20 CVE-2008-1398 SQL Injection vulnerability in Auracms 2.0/2.1/2.2.1
SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.
network
auracms CWE-89
6.8
2008-02-19 CVE-2008-0811 SQL Injection vulnerability in Auracms 1.62
Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.
network
low complexity
auracms CWE-89
7.5