CVE-2007-6544

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

ultiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.

References

Link	Resource
http://osvdb.org/41235
http://osvdb.org/41236
http://osvdb.org/41237
http://osvdb.org/41238
http://osvdb.org/41239
http://osvdb.org/41240
http://securityreason.com/securityalert/3493
http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131
http://www.securityfocus.com/archive/1/485512/100/0/threaded
http://www.securityfocus.com/bid/27019	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/39289
https://www.exploit-db.com/exploits/4787
https://www.exploit-db.com/exploits/4790
http://osvdb.org/41235
http://osvdb.org/41236
http://osvdb.org/41237
http://osvdb.org/41238
http://osvdb.org/41239
http://osvdb.org/41240
http://securityreason.com/securityalert/3493
http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131
http://www.securityfocus.com/archive/1/485512/100/0/threaded
http://www.securityfocus.com/bid/27019	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/39289
https://www.exploit-db.com/exploits/4787
https://www.exploit-db.com/exploits/4790

Configurations

Configuration 1 (hide)

cpe:2.3:a:runcms:runcms:1.6:*:*:*:*:*:*:*

History

21 Nov 2024, 00:40

Type	Values Removed	Values Added
References	~~() http://osvdb.org/41235 -~~	() http://osvdb.org/41235 -
References	~~() http://osvdb.org/41236 -~~	() http://osvdb.org/41236 -
References	~~() http://osvdb.org/41237 -~~	() http://osvdb.org/41237 -
References	~~() http://osvdb.org/41238 -~~	() http://osvdb.org/41238 -
References	~~() http://osvdb.org/41239 -~~	() http://osvdb.org/41239 -
References	~~() http://osvdb.org/41240 -~~	() http://osvdb.org/41240 -
References	~~() http://securityreason.com/securityalert/3493 -~~	() http://securityreason.com/securityalert/3493 -
References	~~() http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131 -~~	() http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131 -
References	~~() http://www.securityfocus.com/archive/1/485512/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/485512/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/27019 - Exploit, Patch~~	() http://www.securityfocus.com/bid/27019 - Exploit, Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/39289 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/39289 -
References	~~() https://www.exploit-db.com/exploits/4787 -~~	() https://www.exploit-db.com/exploits/4787 -
References	~~() https://www.exploit-db.com/exploits/4790 -~~	() https://www.exploit-db.com/exploits/4790 -

Information

Published : 2007-12-28 00:46

Updated : 2025-04-09 00:30

NVD link : CVE-2007-6544

Mitre link : CVE-2007-6544

CVE.ORG link : CVE-2007-6544

JSON object : View

Products Affected

runcms

runcms

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.5 /10