
CVE-2008-7221
https://notcve.org/view.php?id=CVE-2008-7221
14 Sep 2009 — Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php. • http://www.securityfocus.com/archive/1/488287/100/200/threaded • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2008-7222 – RunCMS 1.6.1 - 'admin.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-7222
14 Sep 2009 — Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action. • https://www.exploit-db.com/exploits/31225 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-3354 – RunCMS 1.6.1 - 'bbPath[path]' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-3354
28 Jul 2008 — Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/32099 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2008-0224 – RunCMS Newbb_plus 0.92 - Client IP SQL Injection
https://notcve.org/view.php?id=CVE-2008-0224
10 Jan 2008 — SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter. • https://www.exploit-db.com/exploits/4845 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')