Vulnerability Details CVE-2006-0659
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.058
EPSS Ranking 90.1%
CVSS Severity
CVSS v2 Score 6.8
References
- http://retrogod.altervista.org/runcms_13a_xpl.html
- http://secunia.com/advisories/18800
- http://www.securityfocus.com/archive/1/424708
- http://www.securityfocus.com/bid/16578
- http://www.vupen.com/english/advisories/2006/0503
- http://retrogod.altervista.org/runcms_13a_xpl.html
- http://secunia.com/advisories/18800
- http://www.securityfocus.com/archive/1/424708
- http://www.securityfocus.com/bid/16578
- http://www.vupen.com/english/advisories/2006/0503