CVE-2005-2691 Information

Description

includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables which allows remote attackers to overwrite arbitrary variables possibly allowing execution of arbitrary code.

Reference

http://secunia.com/advisories/16514 http://www.gulftech.org/?node=research&article_id=00094-08192005