CVSS: 6.1EPSS: 7%CPEs: 1EXPL: 2CVE-2007-6545 – RunCMS 1.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6545
28 Dec 2007 — Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image to edituser.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en RunCMS anterior a 1.6.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecc... • https://www.exploit-db.com/exploits/4790 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 1CVE-2007-6546 – RunCMS 1.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6546
28 Dec 2007 — RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. RunCMS anterior a 1.6.1 usa un identificador de sesión predecible, lo cual facilita a los atacantes remotos secuestrar sesiones mediante un id modificado. • https://www.exploit-db.com/exploits/4790 •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2007-6547 – RunCMS 1.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6547
28 Dec 2007 — RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session. RunCMS anterior a 1.6.1 no requiere la introducción de la contraseña antigua durante un cambio de contraseña, lo cual permite a usuarios locales o remotos (dependiendo del contexto) cambiar contraseñas si obtienen acceso temporal a una sesión. • https://www.exploit-db.com/exploits/4790 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2CVE-2007-6548 – RunCMS 1.6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6548
28 Dec 2007 — Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6)... • https://www.exploit-db.com/exploits/4790 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6549
https://notcve.org/view.php?id=CVE-2007-6549
28 Dec 2007 — Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using." Vulnerabilidad no especificada en RunCMS anterior a 1.6.1 tiene impacto y vectores de ataque desconocidos, relacionados con "el uso de pagetype (tipo de página)". • http://osvdb.org/41252 •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2007-2538 – RunCMS 1.5.2 - 'debug_show.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-2538
09 May 2007 — SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. Vulnerabilidad de inyección SQL en class/debug/debug_show.php de RunCms 1.5.2 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro de tipo array executed_queries. • https://www.exploit-db.com/exploits/3850 •
CVSS: 7.8EPSS: 6%CPEs: 1EXPL: 1CVE-2007-2539 – RunCMS 1.5.2 - 'debug_show.php' SQL Injection
https://notcve.org/view.php?id=CVE-2007-2539
09 May 2007 — The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. La función show_files de RunCms 1.5.2 y anteriores permite a atacantes remotos obtener información sensible (existencia de fichero y metadatos de fichero) a través de vectores no especificados. • https://www.exploit-db.com/exploits/3850 •
CVSS: 6.1EPSS: 8%CPEs: 6EXPL: 4CVE-2006-1216 – RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1216
14 Mar 2006 — Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. • https://www.exploit-db.com/exploits/27360 •
CVSS: 6.1EPSS: 5%CPEs: 6EXPL: 4CVE-2006-0875 – RunCMS 1.x - 'Ratefile.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-0875
24 Feb 2006 — Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. • https://www.exploit-db.com/exploits/27256 •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 3CVE-2006-0721 – RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-0721
16 Feb 2006 — SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter. Vulnerabilidad de inyección de SQL en pmlite.php en RunCMS 1.2 y 1.3a permite a atacantes remotos ejecutar órdenes SQL de su elección mediante el parámetro "to_userid". • https://www.exploit-db.com/exploits/27226 •