Filtered by vendor Runcms
Subscribe
Total
34 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0878 | 1 Runcms | 1 Myannonces | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||||
CVE-2007-6548 | 1 Runcms | 1 Runcms | 2023-12-10 | 7.5 HIGH | N/A |
Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenance.php in modules/. | |||||
CVE-2007-6549 | 1 Runcms | 1 Runcms | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using." | |||||
CVE-2007-2539 | 1 Runcms | 1 Runcms | 2023-12-10 | 7.8 HIGH | N/A |
The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. | |||||
CVE-2008-0224 | 1 Runcms | 1 Runcms | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter. | |||||
CVE-2006-0875 | 1 Runcms | 1 Runcms | 2023-12-10 | 5.0 MEDIUM | N/A |
Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. | |||||
CVE-2005-1031 | 2 E-xoops, Runcms | 2 E-xoops, Runcms | 2023-12-10 | 5.0 MEDIUM | N/A |
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. | |||||
CVE-2006-0721 | 1 Runcms | 1 Runcms | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter. | |||||
CVE-2005-2691 | 1 Runcms | 1 Runcms | 2023-12-10 | 7.5 HIGH | N/A |
includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code. | |||||
CVE-2006-1793 | 1 Runcms | 1 Runcms | 2023-12-10 | 7.6 HIGH | N/A |
Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659. | |||||
CVE-2006-1216 | 1 Runcms | 1 Runcms | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2005-2692 | 1 Runcms | 1 Runcms | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module. | |||||
CVE-2006-4667 | 1 Runcms | 1 Runcms | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php. | |||||
CVE-2006-0659 | 1 Runcms | 1 Runcms | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php. |