Lucene search

11 matches found

added 2006/04/17 10:2 a.m. | 366 views

CVE-2006-1793

Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.

7.6 CVSS | 6.5 AI score | 0.0582 EPSS

added 2006/02/13 11:6 a.m. | 197 views

CVE-2006-0659

Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.

6.8 CVSS | 7.7 AI score | 0.0582 EPSS

added 2007/05/09 1:19 a.m. | 44 views

CVE-2007-2538

SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter.

7.5 CVSS | 8.4 AI score | 0.02713 EPSS

added 2007/05/09 1:19 a.m. | 44 views

CVE-2007-2539

The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors.

7.8 CVSS | 6.2 AI score | 0.06615 EPSS

added 2008/03/31 5:44 p.m. | 41 views

CVE-2008-1551

SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5 CVSS | 8.4 AI score | 0.00378 EPSS

added 2007/12/28 12:46 a.m. | 39 views

CVE-2007-6546

RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.

6.4 CVSS | 6.6 AI score | 0.04974 EPSS

added 2008/03/24 9:44 p.m. | 36 views

CVE-2008-1462

SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.

6.8 CVSS | 8.3 AI score | 0.00284 EPSS

added 2007/12/28 12:46 a.m. | 34 views

CVE-2007-6547

RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.

6.8 CVSS | 6.7 AI score | 0.04713 EPSS

added 2007/12/28 12:46 a.m. | 34 views

CVE-2007-6549

Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using."

7.5 CVSS | 6.6 AI score | 0.00334 EPSS

added 2007/12/28 12:46 a.m. | 32 views

CVE-2007-6545

Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avata...

4.3 CVSS | 5.9 AI score | 0.07696 EPSS

added 2007/12/28 12:46 a.m. | 29 views

CVE-2007-6548

Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/adm...

7.5 CVSS | 7.1 AI score | 0.05647 EPSS