CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5535
https://notcve.org/view.php?id=CVE-2007-5535
18 Oct 2007 — Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors. Vulnerabilidad sin especificar en el newbb_plus del RunCms 1.5.2 tiene un impacto desconocido y vectores de ataque. • http://osvdb.org/40180 •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2007-2538 – RunCMS 1.5.2 - 'debug_show.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-2538
09 May 2007 — SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. Vulnerabilidad de inyección SQL en class/debug/debug_show.php de RunCms 1.5.2 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro de tipo array executed_queries. • https://www.exploit-db.com/exploits/3850 •
CVSS: 7.8EPSS: 6%CPEs: 1EXPL: 1CVE-2007-2539 – RunCMS 1.5.2 - 'debug_show.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-2539
09 May 2007 — The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. La función show_files de RunCms 1.5.2 y anteriores permite a atacantes remotos obtener información sensible (existencia de fichero y metadatos de fichero) a través de vectores no especificados. • https://www.exploit-db.com/exploits/3850 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2006-4667
https://notcve.org/view.php?id=CVE-2006-4667
09 Sep 2006 — Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php. Múltiples vulnerabilidades de inyección SQL en RunCMS 1.4.1 permiten a un atacante remoto ejecutar comandos SQL de su elección a través del (1) parámetro uid en (a) class/sessiones.class.php, y el (2) timezone_offset y (3) umode parameters en (b) class/xoopsus... • http://secunia.com/advisories/21814 •
CVSS: 7.6EPSS: 2%CPEs: 3EXPL: 3CVE-2006-1793 – RunCMS 1.2 - 'class.forumposts.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-1793
17 Apr 2006 — Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659. • https://www.exploit-db.com/exploits/1485 •
CVSS: 6.1EPSS: 8%CPEs: 6EXPL: 4CVE-2006-1216 – RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1216
14 Mar 2006 — Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. • https://www.exploit-db.com/exploits/27360 •
CVSS: 6.1EPSS: 5%CPEs: 6EXPL: 4CVE-2006-0875 – RunCMS 1.x - 'Ratefile.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0875
24 Feb 2006 — Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. • https://www.exploit-db.com/exploits/27256 •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 3CVE-2006-0721 – RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-0721
16 Feb 2006 — SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter. Vulnerabilidad de inyección de SQL en pmlite.php en RunCMS 1.2 y 1.3a permite a atacantes remotos ejecutar órdenes SQL de su elección mediante el parámetro "to_userid". • https://www.exploit-db.com/exploits/27226 •
CVSS: 9.8EPSS: 5%CPEs: 3EXPL: 4CVE-2006-0659 – RunCMS 1.2 - 'class.forumposts.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-0659
13 Feb 2006 — Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php. • https://www.exploit-db.com/exploits/1485 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2005-2691
https://notcve.org/view.php?id=CVE-2005-2691
24 Aug 2005 — includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code. • http://secunia.com/advisories/16514 •