js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3203)