| VID |
210091 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The RunCMS software is vulnerable to a local file include vulnerability in the 'include/common.php' script. RunCMS / E-Xoops is a freely available community management system written in PHP, developed from XOOPS. RUNCMS version 1.6 and earlier versions are vulnerable to a local file include vulnerability, caused by improper validation of user-supplied input to the 'xoopsOption[pagetype]' parameter in the 'include/common.php' script. Regardless of PHP's 'register_globals' setting, by sending a specially-crafted request to the 'modules/news/index.php' script using the xoopsOption['pagetype'] parameter, a remote attacker could view arbitrary files on the system or execute arbitrary PHP local files with the privileges of the Web server. Successful exploitation of this vulnerability requires that 'magic_quotes_gpc' is disabled.
* References:
http://www.milw0rm.com/exploits/4656
http://secunia.com/advisories/27790/
* Platforms Affected:
RunCMS version 1.6 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the fixed version 1.6.1 of RunCMS or later, available from the RunCMS Web site at http://sourceforge.net/projects/runcms/ |
| Related URL |
(CVE) |
| Related URL |
26562 (SecurityFocus) |
| Related URL |
38613 (ISS) |
|
