CVE-2005-2692

Name of the Vulnerable Software and Affected Versions RunCMS versions 1.2 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the addquery and subquery parameters to the newbb plus module, the forum parameter to newtopic.php, edit.php, or reply.php in the newbb plus module, or the msg id parameter to print.php in the messages module.

Recommendations For RunCMS versions 1.2 and earlier, as a temporary workaround, consider restricting access to the newbb plus module and the messages module until a patch is available. Avoid using the addquery, subquery, forum, and msg id parameters in the affected API endpoints until the issue is resolved.