N/A

Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php.

N/A

N/A

RunCMS 2m1 SQL注入漏洞

RunCMS是国外的一个开源CMS，功能上包含了建站所需要的大部分功能。 RunCMS 2M1版本中存在多个SQL注入漏洞。远程验证用户可以借助(1)modules/forum/post.php的forum参数或(2) modules/forum/class/class.permissions.php的forum_id自变量，执行任意SQL指令。

N/A

N/A