Vulnerabilities > Runcms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-18 | CVE-2007-5535 | Security vulnerability in Runcms 1.5.2 Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors. | 10.0 |
2007-05-09 | CVE-2007-2539 | SQL Injection and Information Disclosure vulnerability in RunCms Debug_Show.php The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. | 7.8 |
2007-05-09 | CVE-2007-2538 | SQL Injection and Information Disclosure vulnerability in RunCms Debug_Show.php SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. | 7.5 |
2006-09-09 | CVE-2006-4667 | SQL Injection vulnerability in Runcms 1.4.1 Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php. | 7.5 |
2006-04-17 | CVE-2006-1793 | Remote Code Execution vulnerability in Runcms 1.1/1.1A Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. | 7.6 |
2006-03-14 | CVE-2006-1216 | Cross-Site Scripting vulnerability in RunCMS Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. network runcms | 4.3 |
2006-02-24 | CVE-2006-0875 | Cross-Site Scripting vulnerability in RunCMS Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. | 5.0 |
2006-02-16 | CVE-2006-0721 | SQL Injection vulnerability in Runcms 1.2/1.3A/1.3A2 SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter. | 7.5 |
2006-02-13 | CVE-2006-0659 | Code Injection vulnerability in Runcms 1.1/1.1A Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php. | 6.8 |
2005-08-24 | CVE-2005-2692 | SQL-Injection vulnerability in Runcms 1.1/1.1A/1.2 Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module. | 7.5 |