VID |
21768 |
Severity |
40 |
Port |
80, … |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
RunCMS version 1.2 or an earlier version was detected as installed on the host. RunCMS / E-Xoops is a freely available community management system written in PHP, developed from XOOPS. RunCMS version 1.2 and earlier versions are affected by multiple vulnerabilities that can allow remote attackers to overwrite arbitrary variables by passing them via the POST method and to carry out SQL injection attacks.
* References: http://www.gulftech.org/?node=research&article_id=00094-08192005 http://secunia.com/advisories/16514/
* Platforms Affected: RunCMS version 1.2 and earlier versions; any operating system, any version |
Recommendation |
The vulnerabilities were reportedly silently patched in mid-July 2005.
Upgrade to the latest version of RunCMS (1.2 or later), available from the RunCMS Web site at http://www.runcms.org/modules/news/ |
Related URL |
CVE-2005-2691,CVE-2005-2692 (CVE) |
Related URL |
14631,14634 (SecurityFocus) |
Related URL |
21945,21949 (ISS) |