CVE-2009-3815: Infoleak
First published: Tue Oct 27 2009(Updated: )
RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a call to the preg_match function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Runcms | =2m1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-3815?
CVE-2009-3815 is considered a medium severity vulnerability due to information disclosure risks.
How do I fix CVE-2009-3815?
To fix CVE-2009-3815, adjust the error_reporting level to hide sensitive information from being displayed in error messages.
What types of sensitive information can be exposed by CVE-2009-3815?
CVE-2009-3815 can expose the installation path and other sensitive information through specific error messages.
Which versions of RunCMS are affected by CVE-2009-3815?
CVE-2009-3815 specifically affects RunCMS version 2M1.
What areas of the application are vulnerable in CVE-2009-3815?
CVE-2009-3815 affects the modules/contact/index.php and userinfo.php files due to vulnerable parameter handling.
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/runcms
- canonical/runcms
- version/runcms/2m1