Shodan
Vulnerabilities
Vulnerable Software
Runcms:  Security Vulnerabilities
CVE-2007-5535
Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.004
Published
2007-10-18
CVE-2007-2538
SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter.
CVSS Score
7.5
EPSS Score
0.028
Published
2007-05-09
CVE-2007-2539
The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.069
Published
2007-05-09
CVE-2006-4667
Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php.
CVSS Score
7.5
EPSS Score
0.02
Published
2006-09-09
CVE-2006-1793
Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.
CVSS Score
7.6
EPSS Score
0.023
Published
2006-04-17
CVE-2006-1216
Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVSS Score
4.3
EPSS Score
0.082
Published
2006-03-14
CVE-2006-0875
Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter.
CVSS Score
5.0
EPSS Score
0.056
Published
2006-02-24
CVE-2006-0721
SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter.
CVSS Score
7.5
EPSS Score
0.012
Published
2006-02-16
CVE-2006-0659
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.
CVSS Score
6.8
EPSS Score
0.058
Published
2006-02-13
CVE-2005-2691
includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code.
CVSS Score
7.5
EPSS Score
0.017
Published
2005-08-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved