VID | 210056
Severity | 30
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
RunCMS is affected by multiple vulnerabilities in the debug_show.php script. RunCMS / E-Xoops is a freely available community management system written in PHP, developed from XOOPS. RunCMS version 1.5.2 and earlier versions are vulnerable to an SQL injection vulnerability and an information disclosure vulnerability. These vulnerabilities could allow a remote attacker to view, add, modify or delete information in the back-end database, and to obtain file locations, file metadata and other sensitive information.
* References:
  http://www.runcms.org/news/23.html
  http://www.securityfocus.com/archive/1/467665/30/0/threaded
  http://www.frsirt.com/english/advisories/2007/1669
  http://secunia.com/advisories/25154
* Platforms Affected: RunCMS version 1.5.2 and earlier versions; any operating system, any version |
Recommendation |
Apply BugFix 20070504 for RunCMS 1.x, available from the RunCMS Web site at http://www.runcms.org/news/23.html
-- OR --
Upgrade to the fixed version 1.5.2 of RunCMS or later, available from the RunCMS Web site at http://www.runcms.org/modules/news/ |
Related URL | CVE-2007-2538, CVE-2007-2539 (CVE)
Related URL | 23819 (SecurityFocus)
Related URL | 34075, 34237 (ISS)