Vulnerabilities > Auracms > Auracms > 2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-02-11 | CVE-2014-1401 | SQL Injection vulnerability in Auracms: Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php. | 6.5 |
2008-03-20 | CVE-2008-1398 | SQL Injection vulnerability in Auracms 2.0/2.1/2.2.1: SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | 6.8 |
2007-09-17 | CVE-2007-4908 | Path Traversal vulnerability in Auracms: Directory traversal vulnerability in index.php in AuraCMS 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-09-17 | CVE-2007-4905 | Improper Input Validation vulnerability in Auracms 2.1: Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/. | 7.5 |
2007-09-14 | CVE-2007-4886 | Code Injection vulnerability in Auracms: Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs. | 6.8 |