Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
runcms runcms 2m1 |