includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code.
References
Link | Resource |
---|---|
http://secunia.com/advisories/16514 | Vendor Advisory |
http://www.gulftech.org/?node=research&article_id=00094-08192005 | Vendor Advisory |
http://secunia.com/advisories/16514 | Vendor Advisory |
http://www.gulftech.org/?node=research&article_id=00094-08192005 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:00
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/16514 - Vendor Advisory | |
References | () http://www.gulftech.org/?node=research&article_id=00094-08192005 - Vendor Advisory |
Information
Published : 2005-08-24 04:00
Updated : 2024-11-21 00:00
NVD link : CVE-2005-2691
Mitre link : CVE-2005-2691
CVE.ORG link : CVE-2005-2691
JSON object : View
Products Affected
runcms
- runcms
CWE