CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-1551 – RunCMS Module Photo 3.02 - 'cid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1551
SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. Vulnerabilidad de inyección SQL en viewcat.php del módulo Photo 3.02 para RunCMS permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cid. • https://www.exploit-db.com/exploits/5290 http://secunia.com/advisories/29513 http://www.securityfocus.com/bid/28395 https://exchange.xforce.ibmcloud.com/vulnerabilities/41378 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-1462 – RunCMS Module section - 'artid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1462
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action. Vulnerabilidad de inyección SQL en el módulo secciones (Section) de RunCMS permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro artid en una acción viewarticle. • https://www.exploit-db.com/exploits/5285 http://www.securityfocus.com/bid/28378 https://exchange.xforce.ibmcloud.com/vulnerabilities/41377 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0878 – RunCMS Module MyAnnonces - 'cid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0878
SQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. Vulnerabilidad de inyección SQL en index.php del módulo MyAnnonces 1.7 y versiones anteriores para RunCMS permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cid en una acción view. • https://www.exploit-db.com/exploits/5156 http://www.securityfocus.com/bid/27902 http://www.vupen.com/english/advisories/2008/0619 https://exchange.xforce.ibmcloud.com/vulnerabilities/40861 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2008-0224 – RunCMS Newbb_plus 0.92 - Client IP SQL Injection
https://notcve.org/view.php?id=CVE-2008-0224
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter. Vulnerabilidad de inyección SQL en index.php del módulo Newbb_plus 0.92 y anteriores para RunCMS 1.6.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro Client-Ip. • https://www.exploit-db.com/exploits/4845 http://secunia.com/advisories/28340 http://www.securityfocus.com/bid/27152 https://exchange.xforce.ibmcloud.com/vulnerabilities/39478 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6547 – RunCMS 1.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6547
RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session. RunCMS anterior a 1.6.1 no requiere la introducción de la contraseña antigua durante un cambio de contraseña, lo cual permite a usuarios locales o remotos (dependiendo del contexto) cambiar contraseñas si obtienen acceso temporal a una sesión. • https://www.exploit-db.com/exploits/4790 http://osvdb.org/41246 http://securityreason.com/securityalert/3493 http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131 http://www.securityfocus.com/archive/1/485512/100/0/threaded http://www.securityfocus.com/bid/27019 •