CVSS: 6.8EPSS: 11%CPEs: 3EXPL: 4CVE-2006-0659 – RunCMS 1.2 - 'class.forumposts.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-0659
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php. • https://www.exploit-db.com/exploits/1485 http://retrogod.altervista.org/runcms_13a_xpl.html http://secunia.com/advisories/18800 http://www.securityfocus.com/archive/1/424708 http://www.securityfocus.com/bid/16578 http://www.vupen.com/english/advisories/2006/0503 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2005-2691
https://notcve.org/view.php?id=CVE-2005-2691
includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code. • http://secunia.com/advisories/16514 http://www.gulftech.org/?node=research&article_id=00094-08192005 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2005-2692
https://notcve.org/view.php?id=CVE-2005-2692
Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module. • http://secunia.com/advisories/16514 http://www.gulftech.org/?node=research&article_id=00094-08192005 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2005-1031
https://notcve.org/view.php?id=CVE-2005-1031
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. • http://marc.info/?l=bugtraq&m=111280711228450&w=2 http://secunia.com/advisories/14869 http://www.runcms.org/public/modules/news http://www.securityfocus.com/bid/13027 https://exchange.xforce.ibmcloud.com/vulnerabilities/20001 •