EDB-4792
webappsphpVERIFIED
RunCMS 1.6 - Blind SQL Injection (IDS Evasion)
CVE-2007-6544
sh2kerr12/26/2007
CVE-2007-6544
NONEMultiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php i
Veröffentlicht: 12/28/2007Aktualisiert: 4/9/2025
Beschreibung
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
KI-AnalyseKI-gestützt
Betroffene Produkte
runcmsruncms
1.6
Verfügbare Exploits (2)
Referenzen
- http://osvdb.org/41235
- http://osvdb.org/41236
- http://osvdb.org/41237
- http://osvdb.org/41238
- http://osvdb.org/41239
- http://osvdb.org/41240
- http://securityreason.com/securityalert/3493
- http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131
- http://www.securityfocus.com/archive/1/485512/100/0/threaded
- http://www.securityfocus.com/bid/27019ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39289
- https://www.exploit-db.com/exploits/4787
- https://www.exploit-db.com/exploits/4790
- http://osvdb.org/41235
- http://osvdb.org/41236
- http://osvdb.org/41237
- http://osvdb.org/41238
- http://osvdb.org/41239
- http://osvdb.org/41240
- http://securityreason.com/securityalert/3493