PT-2006-5452 · Runcms · Runcms

Omid

Published

2006-09-09

Updated

2018-10-17

CVE-2006-4667

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions RunCMS version 1.4.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the uid parameter in class/sessions.class.php, and the timezone offset and umode parameters in class/xoopsuser.php.

Recommendations For RunCMS version 1.4.1, consider restricting access to the class/sessions.class.php and class/xoopsuser.php files until a patch is available. Avoid using the uid, timezone offset, and umode parameters in the affected files to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4667

Affected Products

Runcms

PT-2006-5452 · Runcms · Runcms

CVE-2006-4667

Related Identifiers

Affected Products

References · 12