CVE-2007-6544 Information
Description
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
Reference
http://osvdb.org/41235
http://osvdb.org/41236
http://osvdb.org/41237
http://osvdb.org/41238
http://osvdb.org/41239
http://osvdb.org/41240
http://securityreason.com/securityalert/3493
http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131
http://www.securityfocus.com/archive/1/485512/100/0/threaded
http://www.securityfocus.com/bid/27019
https://exchange.xforce.ibmcloud.com/vulnerabilities/39289
https://www.exploit-db.com/exploits/4787
https://www.exploit-db.com/exploits/4790