Vulnerabilities > Runcms > Runcms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-01-10 | CVE-2008-0224 | SQL Injection vulnerability in Runcms 1.5.3/1.6/1.6.1 SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter. | 7.5 |
2007-12-28 | CVE-2007-6549 | Remote Security vulnerability in RunCMS Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using." | 7.5 |
2007-12-28 | CVE-2007-6548 | Code Injection vulnerability in Runcms Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenance.php in modules/. | 7.5 |
2007-12-28 | CVE-2007-6547 | Input Validation vulnerability in RunCMS RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session. network runcms | 6.8 |
2007-12-28 | CVE-2007-6546 | Input Validation vulnerability in RunCMS RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | 6.4 |
2007-12-28 | CVE-2007-6545 | Cross-Site Scripting vulnerability in Runcms Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image to edituser.php. | 4.3 |
2007-12-28 | CVE-2007-6544 | SQL Injection vulnerability in Runcms 1.6 Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/. | 7.5 |
2007-10-18 | CVE-2007-5535 | Security vulnerability in Runcms 1.5.2 Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors. | 10.0 |
2007-05-09 | CVE-2007-2539 | SQL Injection and Information Disclosure vulnerability in RunCms Debug_Show.php The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. | 7.8 |
2007-05-09 | CVE-2007-2538 | SQL Injection and Information Disclosure vulnerability in RunCms Debug_Show.php SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. | 7.5 |