CVE-2009-3814
RunCMS 2M1 - Authenticated PHP Code Injection via Filter/Banning Feature
Title source: llmDescription
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters.
References (1)
Core 1
Core References
Exploit x_refsource_misc
http://retrogod.altervista.org/9sg_runcms_forum_sql.html
Scores
EPSS
0.0107
EPSS Percentile
60.7%
Details
CWE
CWE-94
Status
published
Products (1)
runcms/runcms
2m1
Published
Oct 27, 2009
Tracked Since
Feb 18, 2026