Multiple SQL injection vulnerabilities in RunCMS prior to 1.6.1 allow remote malicious users to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
runcms runcms 1.6 |