CVE-2009-3814

RunCMS 2M1 - Authenticated PHP Code Injection via Filter/Banning Feature

Title source: llm
STIX 2.1

Description

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters.

References (1)

Core 1
Core References

Scores

EPSS 0.0107
EPSS Percentile 60.7%

Details

CWE
CWE-94
Status published
Products (1)
runcms/runcms 2m1
Published Oct 27, 2009
Tracked Since Feb 18, 2026