Vulnerabilities > Runcms > Runcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-07-25 | CVE-2010-2852 | Cross-Site Scripting vulnerability in Runcms 2.1 Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 2.6 |
| 2009-10-27 | CVE-2009-3815 | Information Exposure vulnerability in Runcms 2M1 RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to userinfo.php, which leaks the installation path in an error message when these parameters are used in a call to the preg_match function. | 5.0 |
| 2009-10-27 | CVE-2009-3814 | Code Injection vulnerability in Runcms 2M1 Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters. | 6.5 |
| 2009-10-27 | CVE-2009-3813 | SQL Injection vulnerability in Runcms 2M1 Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php. | 6.5 |
| 2009-10-27 | CVE-2009-3804 | SQL Injection vulnerability in Runcms 2M1 Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter. | 6.5 |
| 2009-09-14 | CVE-2008-7222 | Cross-Site Scripting vulnerability in Runcms 1.6.1 Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action. | 4.3 |
| 2009-09-14 | CVE-2008-7221 | Cross-Site Request Forgery (CSRF) vulnerability in Runcms 1.6.1 Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php. | 6.8 |
| 2008-07-28 | CVE-2008-3354 | Code Injection vulnerability in Runcms Newbb Plus Module and Runcms Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. | 7.5 |
| 2008-03-31 | CVE-2008-1551 | SQL Injection vulnerability in Runcms Photo Module and Runcms SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
| 2008-03-24 | CVE-2008-1462 | SQL Injection vulnerability in Runcms SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action. | 6.8 |