Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-4886
Last Modified: 05 Feb 2009 01:30:38
Published: 13 Sep 2007 08:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4886

Summary

Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.

Vulnerable Systems

Application

  • Auracms 1.0

  • Auracms 1.1

  • Auracms 1.2

  • Auracms 1.3

  • Auracms 1.5

  • Auracms 1.6 Beta

  • Auracms 1.61

  • Auracms 1.62

  • Auracms 2.0

  • Auracms 2.1


References

MILW0RM - 4390

MISC - http://www.auracms.org/?pilih=news&aksi=lihat&id=117

OSVDB - 40506


Last Updated: 27 May 2016 10:45:58