CVE-2009-3804

Runcms - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by bookoo · textwebappsphp

https://www.exploit-db.com/exploits/9964

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group::bookoo · phpwebappsphp

https://www.exploit-db.com/exploits/33307

View Code ZIP pw:eip

References (2)

[Exploit] http://retrogod.altervista.org/9sg_runcms_store_sql.html

[Vendor Advisory] http://secunia.com/advisories/37137

Scores

EPSS 0.0010

EPSS Percentile 27.4%

Details

CWE

CWE-89

Status published

Products (1)

runcms/runcms 2m1

Published Oct 27, 2009

Tracked Since Feb 18, 2026