CVE-2007-4804

critical

Description

Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.

References

https://www.exploit-db.com/exploits/4385

https://exchange.xforce.ibmcloud.com/vulnerabilities/36519

http://www.securityfocus.com/bid/25614

http://osvdb.org/38413

http://osvdb.org/38412

http://osvdb.org/38411

http://osvdb.org/38410

http://osvdb.org/38409

Details

Source: Mitre, NVD

Published: 2007-09-11

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01168