CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5535
https://notcve.org/view.php?id=CVE-2007-5535
18 Oct 2007 — Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors. Vulnerabilidad sin especificar en el newbb_plus del RunCms 1.5.2 tiene un impacto desconocido y vectores de ataque. • http://osvdb.org/40180 •
CVSS: 7.8EPSS: 6%CPEs: 1EXPL: 1CVE-2007-2539 – RunCMS 1.5.2 - 'debug_show.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-2539
09 May 2007 — The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. La función show_files de RunCms 1.5.2 y anteriores permite a atacantes remotos obtener información sensible (existencia de fichero y metadatos de fichero) a través de vectores no especificados. • https://www.exploit-db.com/exploits/3850 •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2007-2538 – RunCMS 1.5.2 - 'debug_show.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-2538
09 May 2007 — SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. Vulnerabilidad de inyección SQL en class/debug/debug_show.php de RunCms 1.5.2 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro de tipo array executed_queries. • https://www.exploit-db.com/exploits/3850 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2006-4667
https://notcve.org/view.php?id=CVE-2006-4667
09 Sep 2006 — Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php. Múltiples vulnerabilidades de inyección SQL en RunCMS 1.4.1 permiten a un atacante remoto ejecutar comandos SQL de su elección a través del (1) parámetro uid en (a) class/sessiones.class.php, y el (2) timezone_offset y (3) umode parameters en (b) class/xoopsus... • http://secunia.com/advisories/21814 •
CVSS: 7.6EPSS: 2%CPEs: 3EXPL: 3CVE-2006-1793 – RunCMS 1.2 - 'class.forumposts.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-1793
17 Apr 2006 — Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659. • https://www.exploit-db.com/exploits/1485 •
CVSS: 6.1EPSS: 8%CPEs: 6EXPL: 4CVE-2006-1216 – RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1216
14 Mar 2006 — Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. • https://www.exploit-db.com/exploits/27360 •
CVSS: 6.1EPSS: 5%CPEs: 6EXPL: 4CVE-2006-0875 – RunCMS 1.x - 'Ratefile.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0875
24 Feb 2006 — Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. • https://www.exploit-db.com/exploits/27256 •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 3CVE-2006-0721 – RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-0721
16 Feb 2006 — SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter. Vulnerabilidad de inyección de SQL en pmlite.php en RunCMS 1.2 y 1.3a permite a atacantes remotos ejecutar órdenes SQL de su elección mediante el parámetro "to_userid". • https://www.exploit-db.com/exploits/27226 •
CVSS: 9.8EPSS: 5%CPEs: 3EXPL: 4CVE-2006-0659 – RunCMS 1.2 - 'class.forumposts.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-0659
13 Feb 2006 — Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php. • https://www.exploit-db.com/exploits/1485 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2005-2692
https://notcve.org/view.php?id=CVE-2005-2692
24 Aug 2005 — Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module. • http://secunia.com/advisories/16514 •