Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6544

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-6544
Last Modified 15 Nov 2008 02:05:00
Published 27 Dec 2007 07:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6544

Summary

Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.

Vulnerable Systems

Application

  • Runcms 1.6


References

BID - 27019

BUGTRAQ - 20071225 Multiple vulnerabilities in RUNCMS 1.6 by DSecRG

MILW0RM - 4790

CONFIRM - http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131

MILW0RM - 4787

OSVDB - 41240

OSVDB - 41239

OSVDB - 41238

OSVDB - 41237

OSVDB - 41236

OSVDB - 41235

XF - runcms-lid-sql-injection(39289)

SREASON - 3493


Last Updated: 27 May 2016 10:46:32