Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
runcms runcms 1.6 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0224
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and previous versions module in RunCMS 1.6.1 allows remote malicious users to execute arbitrary SQL commands via the Client-Ip parameter.
Runcms Runcms 1.6.1
Runcms Runcms 1.5.3
Runcms Runcms 1.6
1 EDB exploit
NA
CVE-2007-6544
Multiple SQL injection vulnerabilities in RunCMS prior to 1.6.1 allow remote malicious users to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) bro...
Runcms Runcms 1.6
2 EDB exploits
NA
CVE-2007-6545
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS prior to 1.6.1 allow remote malicious users to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPag...
Runcms Runcms
1 EDB exploit
NA
CVE-2007-6546
RunCMS prior to 1.6.1 uses a predictable session id, which makes it easier for remote malicious users to hijack sessions via a modified id.
Runcms Runcms
1 EDB exploit
NA
CVE-2007-6547
RunCMS prior to 1.6.1 does not require entry of the old password during a password change, which allows context-dependent malicious users to change passwords upon obtaining temporary access to a session.
Runcms Runcms
1 EDB exploit
NA
CVE-2007-6548
Multiple direct static code injection vulnerabilities in RunCMS prior to 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter ...
Runcms Runcms
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started