CVE-2009-3804

RunCMS 2M1 - Authenticated SQL Injection via Forum Post Parameters

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3804. PoCs published by bookoo, Nine:Situations:Group::bookoo.

AI-analyzed exploit summary: This exploit targets a SQL injection vulnerability in RunCms v.2M1's forum module, specifically in the `store()` function. It allows an authenticated attacker to inject malicious SQL queries via the `pid` parameter to extract admin credentials.

Description

Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by bookoo · text · webapps · php
https://www.exploit-db.com/exploits/9964

This exploit targets a SQL injection vulnerability in RunCms v.2M1's forum module, specifically in the `store()` function. It allows an authenticated attacker to inject malicious SQL queries via the `pid` parameter to extract admin credentials.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: RunCms v.2M1
Auth required
Prerequisites: Valid user account · Permission to post in a forum
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Nine:Situations:Group::bookoo · php · webapps · php
https://www.exploit-db.com/exploits/33307

This exploit targets an SQL injection vulnerability in RunCMS v2M1, specifically in the '/modules/forum/post.php' file. It allows an attacker to extract admin credentials, hijack sessions, or export a PHP shell under certain conditions.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: RunCMS v2M1
Auth required
Prerequisites: Valid user account · Existing rows in specific forum tables · MySQL 5.0 for table prefix extraction
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37137

Scores

EPSS 0.0081
EPSS Percentile 52.0%

Details

CWE: CWE-89
Status: published
Products (1): runcms/runcms 2m1
Published: Oct 27, 2009
Tracked Since: Feb 18, 2026