PT-2008-4620 · Auracms · Auracms
K1Tk4T · Published 2008-07-17 · Updated 2017-10-19 · CVE-2008-3203
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
AuraCMS versions 2.2 through 2.2.2
Description:
The issue concerns a lack of authentication in the js/pages/pages data.php file, allowing remote attackers to modify web content. This can be achieved by altering the id parameter.
Recommendations:
For AuraCMS versions 2.2 through 2.2.2, consider restricting access to the js/pages/pages data.php file until a patch is available. As a temporary workaround, avoid using the modified id parameter in the affected file to minimize the risk of exploitation.
Exploit
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Auracms