cpe:/a:auracms:auracms:1.5_rc CVE-2007-4804 2007-09-11T14:17:00.000-04:00 2017-09-28T21:29:23.347-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-09-12T09:24:00.000-04:00 ALLOWS_OTHER_ACCESS BID 25614 OSVDB 38409 OSVDB 38410 OSVDB 38411 OSVDB 38412 OSVDB 38413 EXPLOIT-DB 4385 XF auracms-multiple-sql-injection(36519) Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.