Lucene search

MitreCVE-2007-4804

HistorySep 11, 2007 - 6:17 p.m.

CVE-2007-4804

2007-09-1118:17:00

CWE-89

mitre

web.nvd.nist.gov

cve-2007-4804

sql injection

auracms

remote attackers

arbitrary sql commands

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.009

Percentile

82.7%

JSON

Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product’s top-level default URI, using the pilih parameter, in some circumstances.

Affected configurations

Nvd

Node

auracmsauracmsMatch1.5_rc

VendorProductVersionCPE
auracmsauracms1.5_rccpe:2.3:a:auracms:auracms:1.5_rc:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
auracms	auracms	1.5_rc	cpe:2.3:a:auracms:auracms:1.5_rc:::::::*

References

osvdb.org/38409

osvdb.org/38410

osvdb.org/38411

osvdb.org/38412

osvdb.org/38413

www.securityfocus.com/bid/25614

exchange.xforce.ibmcloud.com/vulnerabilities/36519

www.exploit-db.com/exploits/4385

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.009

Percentile

82.7%

JSON

Related for CVE-2007-4804