CVE-2005-2691

includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:runcms:runcms:1.1:*:*:*:*:*:*:*
cpe:2.3:a:runcms:runcms:1.1a:*:*:*:*:*:*:*
cpe:2.3:a:runcms:runcms:1.2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:00

Type Values Removed Values Added
References () http://secunia.com/advisories/16514 - Vendor Advisory () http://secunia.com/advisories/16514 - Vendor Advisory
References () http://www.gulftech.org/?node=research&article_id=00094-08192005 - Vendor Advisory () http://www.gulftech.org/?node=research&article_id=00094-08192005 - Vendor Advisory

Information

Published : 2005-08-24 04:00

Updated : 2024-11-21 00:00


NVD link : CVE-2005-2691

Mitre link : CVE-2005-2691

CVE.ORG link : CVE-2005-2691


JSON object : View

Products Affected

runcms

  • runcms