CVE-2007-4804 Information

Description

Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product’s top-level default URI using the pilih parameter in some circumstances.

Reference

http://osvdb.org/38409
http://osvdb.org/38410
http://osvdb.org/38411
http://osvdb.org/38412
http://osvdb.org/38413
http://www.securityfocus.com/bid/25614
https://exchange.xforce.ibmcloud.com/vulnerabilities/36519
https://www.exploit-db.com/exploits/4385
