Filtered by vendor Runcms
Subscriptions
Filtered by product Runcms
Subscriptions
Total
31 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-6544 | 1 Runcms | 1 Runcms | 2024-08-07 | N/A |
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/. | ||||
CVE-2007-5535 | 1 Runcms | 1 Runcms | 2024-08-07 | N/A |
Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors. | ||||
CVE-2007-2538 | 1 Runcms | 1 Runcms | 2024-08-07 | N/A |
SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. | ||||
CVE-2007-2539 | 1 Runcms | 1 Runcms | 2024-08-07 | N/A |
The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. | ||||
CVE-2008-7222 | 1 Runcms | 1 Runcms | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action. | ||||
CVE-2008-7221 | 1 Runcms | 1 Runcms | 2024-08-07 | N/A |
Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php. | ||||
CVE-2008-3354 | 1 Runcms | 2 Newbb Plus Module, Runcms | 2024-08-07 | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2008-1551 | 1 Runcms | 2 Photo Module, Runcms | 2024-08-07 | N/A |
SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
CVE-2008-1462 | 1 Runcms | 1 Runcms | 2024-08-07 | N/A |
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action. | ||||
CVE-2008-0224 | 1 Runcms | 1 Runcms | 2024-08-07 | N/A |
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter. | ||||
CVE-2010-2852 | 1 Runcms | 1 Runcms | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter. |