PT-2008-2429 · Auracms · Auracms
Ntos-Team · Published 2008-02-19 · Updated 2017-09-29
CVE-2008-0811
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
AuraCMS version 1.62
Description
The issue allows remote attackers to execute arbitrary SQL commands via the kid parameter to the /mod/dl.php or /mod/links.php API endpoints, and via the query parameter to search.php.
Recommendations
For AuraCMS version 1.62, consider disabling the mod/dl.php, mod/links.php and search.php scripts until a patch is available, to prevent exploitation via the kid and query parameters. Restrict access to these API endpoints to minimize the risk of exploitation. Avoid using the kid parameter in the /mod/dl.php and /mod/links.php API endpoints and the query parameter in the search.php API endpoint until the issue is resolved.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Auracms