Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.0
CVE Id CVE-2007-6552
Last Modified 15 Nov 2008 02:05:05
Published 27 Dec 2007 07:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-6552

Summary

Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request.

Vulnerable Systems

Application

  • Auracms 2.2


References

MILW0RM - 4786

OSVDB - 39804

MISC - http://newhack.org/advisories/AuraCMS-2.2-RemoteAddAdmin.txt

BID - 27037


Last Updated: 27 May 2016 10:46:32