Vulnerabilities > Auracms > Auracms > 2.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-02-11 | CVE-2014-1401 | SQL Injection vulnerability in Auracms Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php. | 6.5 |
2008-07-17 | CVE-2008-3203 | Improper Authentication vulnerability in Auracms 2.2/2.2.1/2.2.2 js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter. | 7.5 |
2008-02-13 | CVE-2008-0735 | SQL Injection vulnerability in Auracms 2.2 SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter. | 10.0 |
2007-12-28 | CVE-2007-6552 | Path Traversal vulnerability in Auracms 2.2 Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. | 6.0 |