CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RunCMS 2M1, when running with certain errorreporting levels, allows remote attackers to obtain sensitive information via 1 the op parameter to modules/contact/index.php or 2 uid parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a ca...

5CVSS6.6AI score0.0025EPSS

Exploits1References1

RedhatCVE•added 2025/05/21 9:19 p.m.•5 views

CVE-2005-2691

includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTROVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code...

7.5CVSS7.3AI score0.01715EPSS

Exploits0References1

SUSE CVE•added 2023/02/15 6:17 a.m.•3 views

SUSE CVE-2005-2691

7.5CVSS7.4AI score0.01715EPSS

Exploits0References3

exploitpack•added 2008/07/21 12:0 a.m.•10 views

RunCMS 1.6.1 - bbPath[root_theme] Remote File Inclusion

RunCMS 1.6.1 - bbPathroottheme Remote File Inclusion source: https://www.securityfocus.com/bid/30331/info RunCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues can allow an attacker to compromise the...

0.3AI score

Exploits0

Tenable Nessus•added 2007/10/17 12:0 a.m.•11 views

RunCMS < 1.5.3 Unspecified Vulnerability

Binary data 4250.prm...

10CVSS7.3AI score0.00391EPSS

Exploits0References2

Packet Storm•added 2007/05/08 12:0 a.m.•33 views

runcms152-sql.txt

no authentication is performed to run showfiles and showqueries functions, look at this now in /class/debug/debug.php: ... function showqueries$executedqueries, $sorted=0 global $db; $executedqueries = unserializeurldecode$executedqueries; if $sorted == 1 sort$executedqueries; $issorted =...

7.4AI score

Exploits0

Exploit DB•added 2006/03/06 12:0 a.m.•21 views

RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/16970/info RunCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. An attacker may leverage this issue t...

7AI score

Exploits0

Positive Technologies•added 2005/03/22 12:0 a.m.•1 views

PT-2005-1856 · Php · Php

Name of the Vulnerable Software and Affected Versions: RUNCMS version 1.1A Ciamos version 0.9.2 RC1 e-Xoops version 1.05 Rev3 Description: The issue allows remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PH...

5CVSS6.3AI score0.00483EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by