Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Runcms SQL注入漏洞
Vulnerability Description
RunCMS是国外的一个开源CMS,功能上包含了建站所需要的大部分功能。 RunCMS没有对/modules/forum/post.php的"pid"和"forum"参数值进行适当的审查,导致RunCMS的modules/forum/post.php中存在多个SQL注入漏洞。远程验证用户可以借助未经modules/forum/class/class.forumposts.php中的存储函数适当处理过的pid参数或topic_id参数,执行任意SQL指令。 该漏洞被证实存在于2M1版本中。其它版本也可能受到
CVSS Information
N/A
Vulnerability Type
N/A