Skip to main content

Auracms

5 CVEs product

Monthly

CVE-2018-16338 HIGH POC This Week

An issue was discovered in AuraCMS 2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Auracms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-15199 MEDIUM POC This Month

AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Auracms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2014-3975 MEDIUM POC THREAT This Month

Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.7%.

Path Traversal PHP Auracms
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
13.7%
CVE-2014-3974 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Auracms
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.7%
CVE-2014-1401 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Auracms
NVD Exploit-DB GitHub
CVSS 2.0
6.5
EPSS
2.3%
EPSS 0% CVSS 8.8
HIGH POC This Week

An issue was discovered in AuraCMS 2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Auracms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Auracms
NVD GitHub
EPSS 14% CVSS 5.0
MEDIUM POC THREAT This Month

Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.7%.

Path Traversal PHP Auracms
NVD Exploit-DB
EPSS 5% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Auracms
NVD Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Auracms
NVD Exploit-DB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy