Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AuraCMS index.php 目录遍历漏洞
Vulnerability Description
AuraCMS的index.php存在目录遍历漏洞,远程验证用户可以借助操作参数(参数包含一个"..")包含和执行任意本地文件。该参数可能包含news pilih成份,比如包含管理员/管理员用户.php通过保护机制对抗直接请求。
CVSS Information
N/A
Vulnerability Type
N/A