CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 4CVE-2006-1216 – RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1216
Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. • https://www.exploit-db.com/exploits/27360 http://secunia.com/advisories/18997 http://securityreason.com/securityalert/474 http://www.kapda.ir/advisory-280.html http://www.osvdb.org/23823 http://www.securityfocus.com/archive/1/426829 http://www.securityfocus.com/bid/16970 •
CVSS: 5.0EPSS: 3%CPEs: 6EXPL: 4CVE-2006-0875 – RunCMS 1.x - 'Ratefile.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0875
Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. • https://www.exploit-db.com/exploits/27256 http://kapda.ir/advisory-267.html http://secunia.com/advisories/18997 http://securitytracker.com/id?1015663 http://www.osvdb.org/23388 http://www.securityfocus.com/archive/1/425775/100/0/threaded http://www.securityfocus.com/bid/16769 http://www.vupen.com/english/advisories/2006/0694 https://exchange.xforce.ibmcloud.com/vulnerabilities/24871 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 3CVE-2006-0721 – RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-0721
SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter. Vulnerabilidad de inyección de SQL en pmlite.php en RunCMS 1.2 y 1.3a permite a atacantes remotos ejecutar órdenes SQL de su elección mediante el parámetro "to_userid". • https://www.exploit-db.com/exploits/27226 http://hamid.ir/security/runcms.txt http://secunia.com/advisories/18831 http://securitytracker.com/id?1015626 http://www.runcms.org/public/modules/forum/viewtopic.php?topic_id=4003&forum=18 http://www.securityfocus.com/archive/1/425293/100/0/threaded http://www.securityfocus.com/bid/16652 http://www.vupen.com/english/advisories/2006/0572 https://exchange.xforce.ibmcloud.com/vulnerabilities/24676 •
CVSS: 6.8EPSS: 11%CPEs: 3EXPL: 4CVE-2006-0659 – RunCMS 1.2 - 'class.forumposts.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-0659
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php. • https://www.exploit-db.com/exploits/1485 http://retrogod.altervista.org/runcms_13a_xpl.html http://secunia.com/advisories/18800 http://www.securityfocus.com/archive/1/424708 http://www.securityfocus.com/bid/16578 http://www.vupen.com/english/advisories/2006/0503 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2005-2692
https://notcve.org/view.php?id=CVE-2005-2692
Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module. • http://secunia.com/advisories/16514 http://www.gulftech.org/?node=research&article_id=00094-08192005 •