CVE-2008-3203

Published: Jul 17, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.

Affected (3)

Products: Auracms: Auracms

Auracms

1 product

Auracms

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Auracms Auracms	Version 2.2.1
Auracms Auracms	Version 2.2.2
Auracms Auracms	Version 2.2

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (10)

http://secunia.com/advisories/31000

Source: cve@mitre.org

Vendor Advisory

http://www.auracms.org/

Source: cve@mitre.org

http://www.securityfocus.com/bid/30169

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/43682

Source: cve@mitre.org

https://www.exploit-db.com/exploits/6033

Source: cve@mitre.org

http://secunia.com/advisories/31000