Auracms : Security Vulnerabilities, CVEs, Published In 2008 (Sql injection)
SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.
Max CVSS
6.8
EPSS Score
0.09%
Published
2008-04-09
Updated
2017-09-29
SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.
Max CVSS
6.8
EPSS Score
0.09%
Published
2008-03-20
Updated
2017-09-29
Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-02-19
Updated
2017-09-29
SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.
Max CVSS
10.0
EPSS Score
0.10%
Published
2008-02-13
Updated
2017-09-29
4 vulnerabilities found