FKIE_CVE-2014-1401

Vulnerability from fkie_nvd - Published: 2014-02-11 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.
References
cve@mitre.orghttp://packetstormsecurity.com/files/125079
cve@mitre.orghttp://secunia.com/advisories/56804
cve@mitre.orghttp://www.exploit-db.com/exploits/31520
cve@mitre.orghttp://www.securityfocus.com/archive/1/530930/100/0/threaded
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/90965
cve@mitre.orghttps://github.com/auracms/AuraCMS/commit/4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade
cve@mitre.orghttps://github.com/auracms/AuraCMS/commit/790f66ffbc4f23a6e13636fc79d0aa1a7d81e747
cve@mitre.orghttps://www.htbridge.com/advisory/HTB23196
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/125079
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56804
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/31520
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/530930/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/90965
af854a3a-2127-422b-91ae-364da2661108https://github.com/auracms/AuraCMS/commit/4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade
af854a3a-2127-422b-91ae-364da2661108https://github.com/auracms/AuraCMS/commit/790f66ffbc4f23a6e13636fc79d0aa1a7d81e747
af854a3a-2127-422b-91ae-364da2661108https://www.htbridge.com/advisory/HTB23196
Impacted products
Vendor Product Version
auracms auracms *
auracms auracms 1.0
auracms auracms 1.1
auracms auracms 1.2
auracms auracms 1.3
auracms auracms 1.5
auracms auracms 1.61
auracms auracms 1.62
auracms auracms 2.0
auracms auracms 2.1
auracms auracms 2.2
auracms auracms 2.2.1
auracms auracms 2.2.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:auracms:auracms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14620A04-7FEA-460D-8164-C809596EAA97",
              "versionEndIncluding": "2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:auracms:auracms:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28DAF5D-6FB2-40A3-AE26-83B2B653CBE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:auracms:auracms:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F58C57-054F-4C64-9B45-CC1B0A0ABA56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:auracms:auracms:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A7ADCAB-79C7-456C-A71B-C93C865B32D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:auracms:auracms:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CD4278C-D878-47D8-8AFB-FB0C8FD79052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:auracms:auracms:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "95C81747-2524-4F3A-94B6-BE5C7C8C1BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:auracms:auracms:1.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F49F7B4-6267-4BD5-AA97-0853A33DDA84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:auracms:auracms:1.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C93C4BB-2CC5-48AA-9440-A2C2199F6B06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:auracms:auracms:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79834D18-B70E-4ADC-B458-EF26ED1016C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:auracms:auracms:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E62CD9C-DE5F-4E6D-9D37-A1B028C1D9DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:auracms:auracms:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7506B9A2-A20E-48D3-9809-8E4B34CB243E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:auracms:auracms:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA5702-01AB-4238-A4A8-E890F5BDB20F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:auracms:auracms:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "054E2EA6-5A0F-48D0-BB32-5F5DBDA312BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en AuraCMS 2.3 y anteriores permiten a usuarios autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del (1) par\u00e1metro  search en mod/content/content.php  o  las cabeceras HTTP en (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR o (6) FORWARDED hacia index.php."
    }
  ],
  "id": "CVE-2014-1401",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-11T17:55:06.857",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/125079"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/56804"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/31520"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/530930/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90965"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/auracms/AuraCMS/commit/4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/auracms/AuraCMS/commit/790f66ffbc4f23a6e13636fc79d0aa1a7d81e747"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.htbridge.com/advisory/HTB23196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/125079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/31520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/530930/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/auracms/AuraCMS/commit/4fe9d0d31a32df392f4d6ced8e5c25ed4af19ade"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/auracms/AuraCMS/commit/790f66ffbc4f23a6e13636fc79d0aa1a7d81e747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.htbridge.com/advisory/HTB23196"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.