CVE-2007-6545

RunCMS < 1.6 - Cross-Site Scripting via News Subject Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6545. PoCs published by DSecRG.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in RunCMS 1.6, including SQL injection, XSS, PHP injection, and predictable session IDs. It provides specific endpoints and payloads for exploitation but does not include functional exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image to edituser.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by DSecRG · textwebappsphp

https://www.exploit-db.com/exploits/4790

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in RunCMS 1.6, including SQL injection, XSS, PHP injection, and predictable session IDs. It provides specific endpoints and payloads for exploitation but does not include functional exploit code.

Classification

Writeup 100%

Attack Type

Sqli | Xss | Auth Bypass | Other

Complexity

Trivial

Reliability

Reliable

Target: RunCMS 1.6

No auth needed

Prerequisites: Access to vulnerable RunCMS instance

MITRE ATT&CK