CVE-2009-3814 Information

Description

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the \Filter/Banning\ feature as demonstrated by modifying modules/system/cache/bademails.php using the \Prohibited: Emails\ action and other unspecified filters.

Reference

http://retrogod.altervista.org/9sg_runcms_forum_sql.html