CVE Vulnerability

CVE-2007-6544

Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131
http://www.securityfocus.com/bid/27019 Exploit Patch
http://securityreason.com/securityalert/3493
http://osvdb.org/41240
http://osvdb.org/41239
http://osvdb.org/41236
http://osvdb.org/41237
http://osvdb.org/41235
http://osvdb.org/41238
https://exchange.xforce.ibmcloud.com/vulnerabilities/39289
https://www.exploit-db.com/exploits/4790
https://www.exploit-db.com/exploits/4787
http://www.securityfocus.com/archive/1/485512/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:runcms:runcms:1.6:*:*:*:*:*:*:*
Information

Published : 2007-12-28 12:46

Updated : 2018-10-15 09:55

NVD link : CVE-2007-6544

Mitre link : CVE-2007-6544

Products Affected
No products.
CWE
CWE-89