Lucene search

[email protected]CVE-2009-3813

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2009-3813

2022-10-0316:23:54

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

runcms

2m1

vulnerabilities

remote

authenticated users

arbitrary

commands

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.1%

JSON

Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php.

Affected configurations

NVD

Node

runcmsruncmsMatch2m1

CPENameOperatorVersion
runcms:runcmsruncmseq2m1

CPE	Name	Operator	Version
runcms:runcms	runcms	eq	2m1

References

retrogod.altervista.org/9sg_runcms_forum_sql.html

secunia.com/advisories/37137

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.1%

JSON

Related for CVE-2009-3813

cvelist1 prion1 nvd1