TUCoPS :: Web :: CMS / Portals :: b06-4633.htm

RunCMS SQL Injection vuln
Sql injection in RunCMS
Sql injection in RunCMS

There are several sql injections in RunCMS 1.4.1 (and maybe before versions) :

The "uid" parameter in /class/sessions.class.php, is not checked correctly,
which can cause 2 sql injections .

Also, "timezone_offset" and "umode" parameters in /class/xoopsuser.php,
can make sql injections in 2 queries .

Fixpacks can be downloaded from RunCms official website :

The original advisory (in Persian) is located at :

- Omid

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH