CVE-2008-7221

Name of the Vulnerable Software and Affected Versions RunCMS version 1.6.1

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators. This can be done by sending a crafted request to "system/admin.php" to either add new administrators or modify user profiles.

Recommendations For RunCMS version 1.6.1, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests. As a temporary workaround, restrict access to the system/admin.php endpoint to minimize the risk of exploitation.