Vulnerabilities > CVE-2006-1793 - Remote Code Execution vulnerability in Runcms 1.1/1.1A
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659. Succesful exploitation requires that register_globals = On & allow_url_fopen = On
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | RunCMS <= 1.2 (class.forumposts.php) Arbitrary Remote Inclusion Exploit. CVE-2006-0659,CVE-2006-1793. Webapps exploit for php platform |
id | EDB-ID:1485 |
last seen | 2016-01-31 |
modified | 2006-02-09 |
published | 2006-02-09 |
reporter | rgod |
source | https://www.exploit-db.com/download/1485/ |
title | RunCMS <= 1.2 class.forumposts.php Arbitrary Remote Inclusion Exploit |