Vulnerabilities > Auracms > Auracms > 2.2

DATE CVE VULNERABILITY TITLE RISK
2014-02-11 CVE-2014-1401 SQL Injection vulnerability in Auracms
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.
network
low complexity
auracms CWE-89
6.5
6.5
2008-07-17 CVE-2008-3203 Improper Authentication vulnerability in Auracms 2.2/2.2.1/2.2.2
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
network
low complexity
auracms CWE-287
7.5
7.5
2008-02-13 CVE-2008-0735 SQL Injection vulnerability in Auracms 2.2
SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.
network
low complexity
auracms CWE-89
critical
 10.0
10
2007-12-28 CVE-2007-6552 Path Traversal vulnerability in Auracms 2.2
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a ..
network
auracms CWE-22
6.0
6.0