Runcms

Runcms

31 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.6

CVE-2010-2852

Exploit
  • EPSS 0.45%
  • Published 25.07.2010 02:04:14
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter.

5

CVE-2009-3815

Exploit
  • EPSS 0.25%
  • Published 27.10.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

RunCMS 2M1, when running with certain error_reporting levels, allows remote attackers to obtain sensitive information via (1) the op[] parameter to modules/contact/index.php or (2) uid[] parameter to userinfo.php, which leaks the installation path in...

6.5

CVE-2009-3814

Exploit
  • EPSS 0.42%
  • Published 27.10.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails...

6.5

CVE-2009-3813

Exploit
  • EPSS 0.25%
  • Published 27.10.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions....

6.5

CVE-2009-3804

Exploit
  • EPSS 0.1%
  • Published 27.10.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/cl...

4.3

CVE-2008-7222

Exploit
  • EPSS 0.14%
  • Published 14.09.2009 14:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action.

6.8

CVE-2008-7221

  • EPSS 0.2%
  • Published 14.09.2009 14:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php.

7.5

CVE-2008-3354

Exploit
  • EPSS 0.88%
  • Published 28.07.2008 17:41:00
  • Last modified 09.04.2025 00:30:58

Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_th...

7.5

CVE-2008-1551

Exploit
  • EPSS 0.38%
  • Published 31.03.2008 17:44:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.

6.8

CVE-2008-1462

Exploit
  • EPSS 0.28%
  • Published 24.03.2008 21:44:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.