Runcms@1.6.1 Security Vulnerabilities and Issues — Runcms@1.6.1 CVE List

Lucene search

RuncmsRuncms1.6.1

4 matches found

CVE•added 2008/07/28 5:41 p.m.•457 views

CVE-2008-3354

Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors t...

7.5CVSS7.4AI score0.0582EPSS

CVE•added 2009/09/14 2:30 p.m.•43 views

CVE-2008-7222

Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action.

4.3CVSS5.8AI score0.00144EPSS

Web

CVE•added 2009/09/14 2:30 p.m.•37 views

CVE-2008-7221

Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php.

6.8CVSS7.2AI score0.00195EPSS

CVE•added 2008/01/10 11:46 p.m.•35 views

CVE-2008-0224

SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.

7.5CVSS8.4AI score0.00338EPSS