Lucene search
K

348 matches found

CVE
CVE
added 2009/10/27 4:0 p.m.70 views

CVE-2009-3804

CVE-2009-3804 affects RunCMS 2M1, specifically the forum module (modules/forum/post.php) and related code (modules/forum/class/class.forumposts.php). The vulnerability involves multiple SQL injection paths where remote authenticated users can execute arbitrary SQL commands via (1) pid and (2) top...

6.5CVSS8.2AI score0.00806EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2009/10/27 4:0 p.m.22 views

CVE-2009-3815

RunCMS 2M1, when running with certain errorreporting levels, allows remote attackers to obtain sensitive information via 1 the op parameter to modules/contact/index.php or 2 uid parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a ca...

6.2AI score0.0114EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2009/10/26 12:0 a.m.23 views

RunCMS 2M1 SQL Injection

postid.", pid=".$this-pid.", topicid=".$this-topicid.", forumid=".$this-forumid.", posttime=$datetime, uid=".$this-uid.", posterip='".$this-posterip."', subject='".$subject."', posttext='".$posttext."', allowhtml=".intval$this-allowhtml.", allowsmileys=".intval$this-allowsmileys.",...

0.1AI score
Exploits0
0day.today
0day.today
added 2009/10/26 12:0 a.m.13 views

RunCMS 2m1 store() SQL injection

Exploit for unknown platform in category web applications ================================ RunCMS 2m1 store SQL injection ================================ postid.", pid=".$this-pid.", topicid=".$this-topicid.", forumid=".$this-forumid.", posttime=$datetime, uid=".$this-uid.",...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2009/10/26 12:0 a.m.49 views

RunCms v.2M1 /modules/forum/post.php - 'forum' remote semi-blind SQL Injection Exploit

?php / RunCms v.2M1 /modules/forum/post.php - 'forum' remote semi-blind SQL Injection Exploit by Nine:Situations:Group::bookoo site: http://retrogod.altervista.org/ software site: http://www.runcms.org/ vulnerable code in /modules/forum/post.php near lines 16-34 : ... if empty$POST'forum'...

8.3AI score
Exploits0
seebug.org
seebug.org
added 2009/10/26 12:0 a.m.13 views

RunCMS 2m1 store() SQL injection

No description provided by source. ?php / RunCms v.2M1 store - 'pid' remote SQL Injection Exploit by Nine:Situations:Group::bookoo site: http://retrogod.altervista.org/ software site: http://www.runcms.org/ Function store in /modules/forum/class/class.forumposts.php is vulnerable, see lines...

7.1AI score
Exploits0
0day.today
0day.today
added 2009/10/26 12:0 a.m.23 views

RunCMS 2ma post.php SQL injection

Exploit for unknown platform in category web applications ================================= RunCMS 2ma post.php SQL injection ================================= query$sql redirectheader"index.php", 2, MDCANTGETFORUM; exit; ... 'forum' variable is taken from $POST array and inserted in a sql query...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2009/10/26 12:0 a.m.17 views

RunCMS 2ma - post.php SQL Injection

RunCMS 2ma - post.php SQL Injection query$sql redirectheader"index.php", 2, MDCANTGETFORUM; exit; ... 'forum' variable is taken from $POST array and inserted in a sql query without prior santization and without being surrounded by quotes. Then you can subsequently manipulate this query in...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2009/10/26 12:0 a.m.13 views

RunCMS 2m1 - store() SQL Injection

RunCMS 2m1 - store SQL Injection postid.", pid=".$this-pid.", topicid=".$this-topicid.", forumid=".$this-forumid.", posttime=$datetime, uid=".$this-uid.", posterip='".$this-posterip."', subject='".$subject."', posttext='".$posttext."', allowhtml=".intval$this-allowhtml.",...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2009/10/26 12:0 a.m.12 views

RunCMS 2ma post.php SQL injection

No description provided by source. ?php / RunCms v.2M1 /modules/forum/post.php - 'forum' remote semi-blind SQL Injection Exploit by Nine:Situations:Group::bookoo site: http://retrogod.altervista.org/ software site: http://www.runcms.org/ vulnerable code in /modules/forum/post.php near lines 16-34...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/10/26 12:0 a.m.48 views

RunCMS 2m1 - 'store()' SQL Injection

postid.", pid=".$this-pid.", topicid=".$this-topicid.", forumid=".$this-forumid.", posttime=$datetime, uid=".$this-uid.", posterip='".$this-posterip."', subject='".$subject."', posttext='".$posttext."', allowhtml=".intval$this-allowhtml.", allowsmileys=".intval$this-allowsmileys.",...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/10/26 12:0 a.m.30 views

RunCMS 2ma - 'post.php' SQL Injection

query$sql redirectheader"index.php", 2, MDCANTGETFORUM; exit; ... 'forum' variable is taken from $POST array and inserted in a sql query without prior santization and without being surrounded by quotes. Then you can subsequently manipulate this query in /modules/forum/class/class.permissions.php ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/10/26 12:0 a.m.18 views

RunCMS - 'forum' SQL Injection

source: https://www.securityfocus.com/bid/36816/info RunCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...

7AI score
Exploits0
Prion
Prion
added 2009/09/14 2:30 p.m.18 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that 1 add new administrators or 2 modify user profiles via a crafted request to system/admin.php...

6.8CVSS7.6AI score0.0062EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2009/09/14 2:30 p.m.14 views

CVE-2008-7221

Cross-site request forgery CSRF vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that 1 add new administrators or 2 modify user profiles via a crafted request to system/admin.php...

6.8CVSS7AI score0.0062EPSS
Exploits0References2
Prion
Prion
added 2009/09/14 2:30 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the ranktitle parameter in a RankForumAdd action...

4.3CVSS6.1AI score0.01449EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2009/09/14 2:30 p.m.14 views

CVE-2008-7222

Cross-site scripting XSS vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the ranktitle parameter in a RankForumAdd action...

4.3CVSS5.7AI score0.01449EPSS
Exploits1References3
Cvelist
Cvelist
added 2009/09/14 2:0 p.m.22 views

CVE-2008-7222

Cross-site scripting XSS vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the ranktitle parameter in a RankForumAdd action...

5.7AI score0.01449EPSS
Exploits1References3
Cvelist
Cvelist
added 2009/09/14 2:0 p.m.22 views

CVE-2008-7221

Cross-site request forgery CSRF vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that 1 add new administrators or 2 modify user profiles via a crafted request to system/admin.php...

7AI score0.0062EPSS
Exploits0References2
CVE
CVE
added 2009/09/14 2:0 p.m.47 views

CVE-2008-7221

RunCMS 1.6.1 is affected by a CSRF vulnerability that lets remote attackers hijack administrator sessions by sending crafted requests to system/admin.php, enabling (1) addition of new administrators or (2) modification of user profiles. The vulnerability is triggered through authenticated admin a...

6.8CVSS7.2AI score0.0062EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder