CVE-2009-3804

Name of the Vulnerable Software and Affected Versions RunCMS version 2M1

Description The issue concerns SQL injection vulnerabilities in the post.php module of RunCMS. These vulnerabilities allow remote authenticated users to execute arbitrary SQL commands. This can be achieved via two parameters: the pid parameter, which is not properly handled by the store function in class.forumposts.php, and the topic id parameter.

Recommendations For RunCMS version 2M1, consider restricting access to the post.php module until a patch is available. As a temporary workaround, avoid using the pid and topic id parameters in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.