{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T02:29:53.951","vulnerabilities":[{"cve":{"id":"CVE-2008-1398","sourceIdentifier":"cve@mitre.org","published":"2008-03-20T10:44:00.000","lastModified":"2026-06-16T22:51:39.830","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en online.php de AuraCMS versión 2.0 hasta 2.2.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el campo X-Forwarded-For (variable de entorno HTTP_X_FORWARDED_FOR) en la cabecera HTTP."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:auracms:auracms:2.0:*:*:*:*:*:*:*","matchCriteriaId":"79834D18-B70E-4ADC-B458-EF26ED1016C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:auracms:auracms:2.1:*:*:*:*:*:*:*","matchCriteriaId":"1E62CD9C-DE5F-4E6D-9D37-A1B028C1D9DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:auracms:auracms:2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"CCAA5702-01AB-4238-A4A8-E890F5BDB20F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/28257","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41217","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/5256","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/28257","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41217","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/5256","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}