PT-2009-6041 · Runcms · Runcms

Published: 2009-10-27 · Updated: 2009-10-28 · CVE-2009-3814

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

RunCMS version 2M1

Description

A static code injection issue allows remote authenticated administrators to execute arbitrary PHP code. This can be achieved via the "Filter/Banning" feature. For example, an attacker can modify the modules/system/cache/bademails.php file using the "Prohibited: Emails" action. Other unspecified filters are also affected.

Recommendations

For RunCMS version 2M1, consider disabling the "Filter/Banning" feature until a patch is available to prevent exploitation. Restrict access to the modules/system/cache/bademails.php file and other affected filters to minimize the risk of arbitrary PHP code execution.

Exploit

Fix

Code Injection

Weakness Enumeration

Related identifiers

CVE-2009-3814

Affected products

Runcms