Vulnerabilities > Auracms > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-02 | CVE-2018-16338 | Cross-Site Request Forgery (CSRF) vulnerability in Auracms 2.3. An issue was discovered in AuraCMS 2.3. | 6.8 |
2014-06-05 | CVE-2014-3975 | Path Traversal vulnerability in Auracms 3.0. Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter. | 5.0 |
2014-06-05 | CVE-2014-3974 | Cross-Site Scripting vulnerability in Auracms 3.0. Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter. | 4.3 |
2014-02-11 | CVE-2014-1401 | SQL Injection vulnerability in Auracms. Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php. | 6.5 |
2008-04-09 | CVE-2008-1715 | SQL Injection vulnerability in Auracms. SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. | 6.8 |
2008-03-20 | CVE-2008-1398 | SQL Injection vulnerability in Auracms 2.0/2.1/2.2.1. SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | 6.8 |
2007-12-28 | CVE-2007-6552 | Path Traversal vulnerability in Auracms 2.2. Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. | 6.0 |
2007-09-14 | CVE-2007-4886 | Code Injection vulnerability in Auracms. Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs. | 6.8 |