Vulnerabilities > CVE-2007-6547 - Input Validation vulnerability in RunCMS
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | RunCMS 1.6 Multiple Remote Vulnerabilities. CVE-2007-6545,CVE-2007-6546,CVE-2007-6547,CVE-2007-6548. Webapps exploit for php platform |
file | exploits/php/webapps/4790.txt |
id | EDB-ID:4790 |
last seen | 2016-01-31 |
modified | 2007-12-25 |
platform | php |
port | |
published | 2007-12-25 |
reporter | DSecRG |
source | https://www.exploit-db.com/download/4790/ |
title | runcms 1.6 - Multiple Vulnerabilities |
type | webapps |