Bugtraq mailing list archives
Sql injection in RunCMS
From: "Omid" <omid () hackers ir>
Date: Thu, 07 Sep 2006 09:39:41 +0430
Hi, There are several sql injections in RunCMS 1.4.1 (and maybe before versions) : The "uid" parameter in /class/sessions.class.php, is not checked correctly, which can cause 2 sql injections . Also, "timezone_offset" and "umode" parameters in /class/xoopsuser.php, can make sql injections in 2 queries . Fixpacks can be downloaded from RunCms official website : http://www.runcms.org/modules/mydownloads/viewcat.php?cid=5 The original advisory (in Persian) is located at : http://www.hackers.ir/advisories/runcms.html - Omid
Current thread:
- Sql injection in RunCMS Omid (Sep 07)