PT-2009-6042 · Runcms · Runcms

Published: 2009-10-27 · Updated: 2009-10-28 · CVE-2009-3815

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

RunCMS version 2M1

Description

The issue allows remote attackers to obtain sensitive information when certain error reporting levels are used. This is achieved via the op[] parameter to "modules/contact/index.php" or the uid[] parameter to "userinfo.php". The installation path is leaked in an error message when these parameters are used in a call to the preg_match() function.

Recommendations

For RunCMS version 2M1, consider disabling the error reporting feature or adjusting its levels to prevent sensitive information disclosure until a patch is available. Restrict access to the "modules/contact/index.php" and "userinfo.php" scripts to minimize the risk of exploitation. Avoid using the op[] and uid[] parameters in the affected API endpoints until the issue is resolved.
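
The two mitigations above, shown as an added example (not RunCMS code and not part of the original advisory): errors are logged instead of displayed, and request parameters are type-checked before they reach preg_match(). The helper name scalar_param, the patterns, and the default value 'form' are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not taken from RunCMS.

// Keep diagnostics out of HTTP responses; write them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return a request parameter only if it is a string that matches $pattern.
 * Array input (the op[] / uid[] form) is rejected before preg_match() is
 * called, so no type warning carrying the script path is ever raised.
 */
function scalar_param(array $source, string $name, string $pattern, ?string $default = null): ?string
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return $default;
    }
    return preg_match($pattern, $source[$name]) === 1 ? $source[$name] : $default;
}

// Constructed sample inputs standing in for $_GET.
$plainForm = ['op' => 'form', 'uid' => '42'];   // op=form&uid=42
$arrayForm = ['op' => ['x'], 'uid' => ['1']];   // op[]=x&uid[]=1

foreach ([$plainForm, $arrayForm] as $query) {
    // Patterns and the 'form' default are assumptions, not RunCMS values.
    $op  = scalar_param($query, 'op', '/^[a-z_]{1,32}$/', 'form');
    $uid = scalar_param($query, 'uid', '/^[0-9]{1,10}$/');
    printf("op=%s uid=%s\n", $op, $uid === null ? '(rejected)' : $uid);
}
```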

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2009-3815

Affected Products

Runcms