mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 10:41:43 +00:00
795 B
795 B
CVE-2007-6552
Description
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request.
POC
Reference
Github
No PoCs found on GitHub currently.