CVE-2006-4667 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-4667
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-4667

Description: Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/28806 SREASON http://securityreason.com/securityalert/1532 SAID Secunia Advisory: SA21814 OSVDB 28616 28617 MISC http://www.hackers.ir/advisories/runcms.html CONFIRM http://www.runcms.org/modules/mydownloads/viewcat.php?cid=5 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/445524/100/0/threaded BID 19913

Return to the previous page.