RunCMS Multiple Input Validation Vulnerabilities

RunCMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include multiple SQL-injection, cross-site scripting, HTML-injection, and PHP code-injection vulnerabilities.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker with administrative privileges to the application can also inject malicious PHP code that will be executed with the privileges of the webserver.

These issues affect RunCMS 1.6; other versions may also be affected.


 

Copyright 2010, SecurityFocus