cpe:/a:auracms:auracms:1.62 CVE-2008-0811 2008-02-18T21:00:00.000-05:00 2017-09-28T21:30:27.940-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-02-19T11:41:00.000-05:00 ALLOWS_USER_ACCESS SECTRACK 1019430 BID 27841 EXPLOIT-DB 5130 Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.