CVE-2009-3815
RunCMS 2M1 - Exposure of Sensitive Information via Error Message in preg_match
Title source: llmDescription
RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a call to the preg_match function.
References (1)
Core 1
Core References
Exploit x_refsource_misc
http://retrogod.altervista.org/9sg_runcms_forum_sql.html
Scores
EPSS
0.0114
EPSS Percentile
62.8%
Details
CWE
CWE-200
Status
published
Products (1)
runcms/runcms
2m1
Published
Oct 27, 2009
Tracked Since
Feb 18, 2026