Vulnerability Description
Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Auracms | Auracms | 1.5_rc |
Related Weaknesses (CWE)
References
- http://osvdb.org/38409
- http://osvdb.org/38410
- http://osvdb.org/38411
- http://osvdb.org/38412
- http://osvdb.org/38413
- http://www.securityfocus.com/bid/25614
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36519
- https://www.exploit-db.com/exploits/4385
- http://osvdb.org/38409
- http://osvdb.org/38410
- http://osvdb.org/38411
- http://osvdb.org/38412
- http://osvdb.org/38413
- http://www.securityfocus.com/bid/25614
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36519
FAQ
What is CVE-2007-4804?
CVE-2007-4804 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (...
How severe is CVE-2007-4804?
CVE-2007-4804 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4804?
Check the references section above for vendor advisories and patch information. Affected products include: Auracms Auracms.