cbcvebase.
CVE-2007-6552
published 2007-12-28

CVE-2007-6552: Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot)…

PriorityP431medium6CVSS 2.0
AVNACMAuSCPIPAP
EXPLOIT
EPSS
1.64%
73.4th percentile
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request.

Affected

1 ranges
VendorProductVersion rangeFixed in
auracmsauracms
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.