PT-2008-2022 · Auracms · Auracms+1

K1Tk4T

·

Published

2008-01-23

·

Updated

2017-09-29

·

CVE-2008-0390

CVSS v2.0

7.5

High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: AuraCMS version 1.62; Mod Block Statistik for AuraCMS
Description: The issue allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to "index.php", and then execute online.db.txt via a certain request to "index.php". The root cause is that a header the client fully controls is written verbatim into a file that the application later executes as PHP; no authentication is required, which is why the CVSS vector is AV:N/Au:N with partial impact on confidentiality, integrity and availability.
Recommendations: Until a fixed version of AuraCMS 1.62 or of Mod Block Statistik is available, disable the stat action in index.php or remove the module. If the statistics feature must stay enabled, treat X-Forwarded-For as attacker-controlled input: only honour it when the request arrives from a trusted reverse proxy, accept only values that parse as an IP address, and store visitor records as plain data that is parsed, never as a file that index.php includes. Move online.db.txt outside the web root or deny direct web access to it so that it cannot be reached by the second request of the attack. Check the contents of online.db.txt for PHP tags (`<?php`, `<?`) to detect whether the injection has already been attempted.
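The mechanism described above, as an added example that is not AuraCMS's own code: a constructed PHP sketch of the vulnerable pattern (a client-supplied X-Forwarded-For value appended verbatim to a file that index.php later include()s) beside a hardened version that trusts the header only behind a known proxy, validates it as an IP address, and stores the statistics as JSON data that is parsed rather than executed. The file name, the `$trustedProxies` list and all function names are assumptions chosen for the illustration.

```php
<?php
// Constructed illustration of the bug class behind CVE-2008-0390.
// This is NOT the AuraCMS / Mod Block Statistik source; it shows the
// pattern the advisory describes and one way to harden it.

// --- vulnerable pattern (do not use) ---
function record_visitor_unsafe(string $dbFile): void
{
    // X-Forwarded-For is set by the client unless a trusted proxy overwrites it.
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? '';
    // Writing the raw value into a file that is later executed turns a header
    // such as  X-Forwarded-For: <?php system($_GET['c']); ?>  into remote code execution.
    file_put_contents($dbFile, $ip . '|' . time() . "\n", FILE_APPEND | LOCK_EX);
}

function show_online_unsafe(string $dbFile): void
{
    include $dbFile;   // executes whatever the attacker wrote into the file
}

// --- hardened pattern ---
function client_ip(array $trustedProxies): string
{
    $remote = $_SERVER['REMOTE_ADDR'] ?? '';
    // Only honour X-Forwarded-For when the direct peer is a proxy we control
    // ($trustedProxies is an assumed, deployment-specific list).
    if (in_array($remote, $trustedProxies, true) && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // Take the first hop and require it to parse as an IPv4/IPv6 address.
        $first = trim(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0]);
        if (filter_var($first, FILTER_VALIDATE_IP) !== false) {
            return $first;
        }
    }
    return $remote;
}

function record_visitor(string $dbFile, array $trustedProxies): void
{
    // Store data, not code: one JSON object per line. The file is never include()d.
    $row = json_encode(['ip' => client_ip($trustedProxies), 'ts' => time()]);
    file_put_contents($dbFile, $row . "\n", FILE_APPEND | LOCK_EX);
}

function show_online(string $dbFile, int $windowSeconds = 300): int
{
    $count = 0;
    $lines = file($dbFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    foreach ($lines as $line) {
        $row = json_decode($line, true);          // parse the record ...
        if (is_array($row) && isset($row['ts'])
            && time() - (int) $row['ts'] <= $windowSeconds) {
            $count++;
        }
    }
    return $count;                                // ... and never execute it
}
```

Two properties close the hole: the header only influences the stored value when it comes through a trusted proxy and validates as an IP address, and the statistics file is consumed with json_decode rather than include, so even a record that somehow contained PHP tags would be treated as text. Keeping the file outside the document root (or denying web access to it) removes the second step of the original attack, the request that made index.php execute online.db.txt.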

Exploit

Fix

Code Injection


Weakness Enumeration

Related identifiers

CVE-2008-0390

Affected products

Auracms
Mod Block Statistik