CVE-2007-4804: SQL Injection
First published: Tue Sep 11 2007(Updated: )
Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tina Tinacms | =1.5_rc |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-4804?
CVE-2007-4804 is considered a medium severity vulnerability due to its potential for SQL injection attacks.
How do I fix CVE-2007-4804?
To fix CVE-2007-4804, you should sanitize and validate all user inputs, particularly the id parameter in the affected scripts.
Which versions of AuraCMS are affected by CVE-2007-4804?
AuraCMS versions 1.5rc are affected by CVE-2007-4804.
What types of attacks can CVE-2007-4804 facilitate?
CVE-2007-4804 can facilitate SQL injection attacks, allowing remote attackers to execute arbitrary SQL commands.
In which scripts can CVE-2007-4804 be exploited?
CVE-2007-4804 can be exploited through the hal.php, cetak.php, lihat.php, pesan.php, and teman.php scripts.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/auracms
- canonical/tina tinacms
- version/tina tinacms/1.5_rc