Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2007-09-14T00:00:00
Updated: 2017-09-28T12:57:01
Reserved: 2007-09-13T00:00:00
Link: CVE-2007-4886
JSON object: View
NVD Information
Status : Modified
Published: 2007-09-14T00:17:00.000
Modified: 2017-09-29T01:29:24.500
Link: CVE-2007-4886
JSON object: View
Redhat Information
No data.
CWE