AuraCMS 'pages_data.php' Security Bypass Vulnerability
BID:30169
Info
AuraCMS 'pages_data.php' Security Bypass Vulnerability
| Bugtraq ID: | 30169 |
| Class: | Access Validation Error |
| CVE: |
CVE-2008-3203 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 09 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | k1tk4t |
| Vulnerable: |
auraCMS auraCMS 2.2.2 auraCMS auraCMS 2.2.1 auraCMS auraCMS 2.2 |
| Not Vulnerable: | |
Discussion
AuraCMS 'pages_data.php' Security Bypass Vulnerability
AuraCMS is prone to a vulnerability that allows an unauthorized attacker to add, edit, or delete content on certain pages because the software fails to properly restrict access to certain functionality.
AuraCMS 2.2.2 and prior versions are vulnerable.
AuraCMS is prone to a vulnerability that allows an unauthorized attacker to add, edit, or delete content on certain pages because the software fails to properly restrict access to certain functionality.
AuraCMS 2.2.2 and prior versions are vulnerable.
Exploit / POC
AuraCMS 'pages_data.php' Security Bypass Vulnerability
Attackers can use a browser to exploit this issue.
The following exploit is available:
Attackers can use a browser to exploit this issue.
The following exploit is available:
Solution / Fix
AuraCMS 'pages_data.php' Security Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].