CVE-2014-1401CVE-2014-1401

Affected configuration(s):

cpe:/a:auracms:auracms:1.0
cpe:/a:auracms:auracms:1.1
cpe:/a:auracms:auracms:1.2
cpe:/a:auracms:auracms:1.3
cpe:/a:auracms:auracms:1.5
cpe:/a:auracms:auracms:1.61
cpe:/a:auracms:auracms:1.62
cpe:/a:auracms:auracms:2.0
cpe:/a:auracms:auracms:2.1
cpe:/a:auracms:auracms:2.2
cpe:/a:auracms:auracms:2.2.1
cpe:/a:auracms:auracms:2.2.2
cpe:/a:auracms:auracms:2.3

Date published: 2014-02-11T12:55:06.857-05:00

Date last modified: 2017-08-28T21:34:24.733-04:00

CVSS Score: 6.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://packetstormsecurity.com/files/125079

Summary: Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.