漏洞信息详情
RunCMS远程代码执行漏洞
- CNNVD编号:CNNVD-200602-177
- 危害等级: 高危
- CVE编号: CVE-2006-0659
- 漏洞类型: 代码注入
- 发布时间: 2006-02-13
- 威胁类型: 远程
- 更新时间: 2007-05-10
- 厂 商: runCMS
- 漏洞来源: .');">Discovered by <>
漏洞简介
RunCMS 1.2及之前版本中存在多个PHP远程文件包含漏洞。在启用了register_globals和allow_url_fopen的情况下,远程攻击者可以借助(1) class.forumposts.php和(2) forumpollrenderer.php中的bbPath[path]参数执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
FCKeditor FCKeditor 2.2
FCKeditor FCKeditor_2.3b.tar.gz
http://prdownloads.sourceforge.net/fckeditor/FCKeditor_2.3b.tar.gz
RunCMS FIX1002206-2
http://www.runCMS.org/public/modules/downloads/singlefile.php?lid=242
RunCMS FIX1002206-2
http://www.runCMS.org/public/modules/downloads/singlefile.php?lid=242
RunCMS FIX1002206-2
http://www.runCMS.org/public/modules/downloads/singlefile.php?lid=242
RunCMS FIX1002206-2
http://www.runCMS.org/public/modules/downloads/singlefile.php?lid=242
FCKeditor FCKeditor 2.0 RC2
FCKeditor FCKeditor_2.3b.tar.gz
http://prdownloads.sourceforge.net/fckeditor/FCKeditor_2.3b.tar.gz
FCKeditor FCKeditor 2.0 rc3
FCKeditor FCKeditor_2.3b.tar.gz
http://prdownloads.sourceforge.net/fckeditor/FCKeditor_2.3b.tar.gz
参考网址
来源: BID
名称: 16578
链接:http://www.securityfocus.com/bid/16578
来源: VUPEN
名称: ADV-2006-0503
链接:http://www.frsirt.com/english/advisories/2006/0503
来源: SECUNIA
名称: 18800
链接:http://secunia.com/advisories/18800
来源: BUGTRAQ
名称: 20060209 runCMS <= 1.3a2="" possible="" remote="" code="" execution="" through="" the="" integrated="" fckeditor="">
链接:http://www.securityfocus.com/archive/1/424708
来源: MISC
链接:http://retrogod.altervista.org/runCMS_13a_xpl.HTML
受影响实体
补丁
暂无
评论