• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: RunCMS Multiple Input Validation Vulnerabilities

Severity: HIGH

Description:

RunCMS is a web-based content manager. It is implemented in PHP.

The application is prone to multiple input-validation vulnerabilities.

1. Three SQL-injection vulnerabilities affect the 'mydownloads' module. These issues affect the 'lid' variable of the following scripts:

brokenfile.php
visit.php
ratefile.php

2. Three SQL-injection vulnerabilities affect the 'mylinks' module. These issues affect the 'lid' variable of the following scripts:

ratelink.php
modlink.php
brokenlink.php

3. An HTML-injection vulnerability resides in the 'subject' parameter of 'submit.php'.

4. A cross-site scripting vulnerability resides in the URI parameters of the 'news' module via the 'index.php' script.

5. An HTML-injection vulnerability resides in the 'edituser.php'. Attackers may upload a malicious avatar that contains hostile HTML and script code that will be rendered by other users who view the avatar.

6. Administrative users can inject malicious PHP code through the following modules, parameters, and scripts:

'system' module via the 'header' and 'footer' parameters of 'admin.php'
'system' module via the 'disclaimer' parameter of 'admin.php'
'mydownloads' module admin section via the 'disclaimer' parameter of 'index.php'
'new_bb' module admin section via the 'disclaimer' parameter of 'forum_config.php'
'mylinks' module admin section via the 'disclaimer' parameter of 'index.php'
'sections' module admin section via the 'info' parameter of 'index.php'

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker with administrative privileges to the application can also inject malicious PHP code that will be executed with the privileges of the web-server.

These issues affect RunCMS 1.6; other versions may also be affected.

Affected Products:

• RunCMS RunCMS 1.6

References:

• RunCMS: RunCMS Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.