CVE-2006-1793 - Remote Code Execution vulnerability in Runcms 1.1/1.1A

CVSS 7.6 - HIGH
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Tags: network, high complexity, runcms, exploit available

Summary

Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659. Successful exploitation requires that register_globals = On and allow_url_fopen = On.

Vulnerable Configurations

Part | Description | Count
Application | Runcms | 3

Exploit-Db

description: RunCMS <= 1.2 (class.forumposts.php) Arbitrary Remote Inclusion Exploit. CVE-2006-0659, CVE-2006-1793. Webapps exploit for php platform
id: EDB-ID:1485
last seen: 2016-01-31
modified: 2006-02-09
published: 2006-02-09
reporter: rgod
source: https://www.exploit-db.com/download/1485/
title: RunCMS <= 1.2 class.forumposts.php Arbitrary Remote Inclusion Exploit