CVE-2005-2692

Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 addquery and 2 subquery parameters to the newbb plus module, the forum parameter to 3 newtopic.php, 4 edit.php, or 5 reply.php in the newbb plus module, or 6 the msg...

PT-2005-1857 · Ciamos +2 · Ciamos +2

Name of the Vulnerable Software and Affected Versions: RUNCMS version 1.1A CIAMOS version 0.9.2 RC1 e-Xoops version 1.05 Rev3 Description: The issue allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter. This can be used to read sensitive information...