EDB-4792
webappsphpVERIFIED
RunCMS 1.6 - Blind SQL Injection (IDS Evasion)
CVE-2007-6544
sh2kerr12/26/2007
説明
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
AI分析AIによる分析
影響を受ける製品
runcmsruncms
1.6
利用可能なエクスプロイト (2)
参照
- http://osvdb.org/41235
- http://osvdb.org/41236
- http://osvdb.org/41237
- http://osvdb.org/41238
- http://osvdb.org/41239
- http://osvdb.org/41240
- http://securityreason.com/securityalert/3493
- http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131
- http://www.securityfocus.com/archive/1/485512/100/0/threaded
- http://www.securityfocus.com/bid/27019ExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39289
- https://www.exploit-db.com/exploits/4787
- https://www.exploit-db.com/exploits/4790
- http://osvdb.org/41235
- http://osvdb.org/41236
- http://osvdb.org/41237
- http://osvdb.org/41238
- http://osvdb.org/41239
- http://osvdb.org/41240
- http://securityreason.com/securityalert/3493