CVE-2007-6544
Published 2007-12-28
Priority: P345, high, 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.26% (89.8th percentile)
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| runcms | runcms | — | — |
No detection rules found.
Exploit-DB
RunCMS 1.6 - Blind SQL Injection (IDS Evasion)
exploitdb·2007-12-26
---
#/******************************************************************/
#/****** RUNCMS 1.6 BLIND SQL Injection Exploit + IDS evasion *****/
#/******************************************************************/
#/*********** exploit get hash of admin password *************/
#/*********** **************/
#/*********** Exploit is invisible for **************/
#/*********** RUNCMS sql injection detecting mechanism *************/
#/******************************************************************/
#/******************************************************************/
#/*********** tested on RUNCMS english version 1.6 *********/
#/******************************************************************/
#/*********************************************
Exploit-DB
RunCMS 1.6 - Get Admin Cookie Blind SQL Injection
exploitdb·2007-12-25
---
#/******************************************************************/
#/**** RUNCMS 1.6 BLIND SQL Injection Exploit get Admin Cookie *****/
#/******************************************************************/
#/*********** exploit get admin cookie that can be used *********/
#/*********** to login by pasting it into browser (Opera) *********/
#/*********** and then get access to Admin session *********/
#/*********** and change Admins password *********/
#/*********** *********/
#/******************************************************************/
#/******************************************************************/
#/*********** tested on RUNCMS english version 1.6 *********/
#/*******************************************************
No writeups or analysis indexed.
References
http://osvdb.org/41235
http://osvdb.org/41236
http://osvdb.org/41237
http://osvdb.org/41238
http://osvdb.org/41239
http://osvdb.org/41240
http://securityreason.com/securityalert/3493
http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131
http://www.securityfocus.com/archive/1/485512/100/0/threaded
http://www.securityfocus.com/bid/27019
https://exchange.xforce.ibmcloud.com/vulnerabilities/39289
https://www.exploit-db.com/exploits/4787
https://www.exploit-db.com/exploits/4790
Published: 2007-12-28