PT-2005-3577 · Runcms · Runcms

Published 2005-08-24 · Updated 2008-09-05 · CVE-2005-2691

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
RunCMS versions 1.2 and earlier

Description
The issue allows remote attackers to overwrite arbitrary variables, possibly enabling the execution of arbitrary code, because includes/common.php calls the extract() function with EXTR_OVERWRITE on HTTP POST variables.

Recommendations
For RunCMS versions 1.2 and earlier, consider modifying includes/common.php so that it does not use EXTR_OVERWRITE when calling extract() on HTTP POST variables, or apply alternative security measures to prevent variable overwrite attacks.
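
The variable-overwrite pattern described above, next to two safer ways of reading POST data, as an added example that is not RunCMS source code. The function names, variable names and the sample `$post` array are constructed for illustration.

```php
<?php
// Constructed illustration; not taken from includes/common.php.

// Pattern from the description: every POST key becomes a variable and
// replaces any variable of the same name that already exists in scope.
function import_overwrite(array $post): array
{
    $is_admin    = false;               // state set before the import
    $include_dir = '/srv/app/modules';
    extract($post, EXTR_OVERWRITE);
    return compact('is_admin', 'include_dir');
}

// Partial mitigation: EXTR_SKIP keeps variables that are already set.
// Variables that are not yet initialised at this point can still be
// created from the request, so this is weaker than the allowlist below.
function import_skip(array $post): array
{
    $is_admin    = false;
    $include_dir = '/srv/app/modules';
    extract($post, EXTR_SKIP);
    return compact('is_admin', 'include_dir');
}

// Preferred: no extract(); read only the expected keys and cast each one.
function import_allowlisted(array $post): array
{
    $is_admin    = false;
    $include_dir = '/srv/app/modules';
    $allowed     = ['title' => 'string', 'page' => 'int']; // assumed fields
    $input       = [];
    foreach ($allowed as $key => $type) {
        if (!isset($post[$key]) || !is_scalar($post[$key])) {
            continue;                   // missing key or array value: ignore
        }
        $input[$key] = $type === 'int' ? (int) $post[$key] : (string) $post[$key];
    }
    return compact('is_admin', 'include_dir', 'input');
}

// Constructed request body containing two keys the form never defined.
$post = ['title' => 'hello', 'page' => '2',
         'is_admin' => '1', 'include_dir' => '/tmp'];

var_dump(import_overwrite($post));    // is_admin and include_dir replaced
var_dump(import_skip($post));         // both keep their original values
var_dump(import_allowlisted($post));  // only title and page are accepted
```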


Related Identifiers

CVE-2005-2691

Affected Products

Runcms