Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
runcms runcms 1.6.1 vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2008-0224
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and previous versions module in RunCMS 1.6.1 allows remote malicious users to execute arbitrary SQL commands via the Client-Ip parameter.
Runcms Runcms 1.6.1
Runcms Runcms 1.5.3
Runcms Runcms 1.6
1 EDB exploit
435
VMScore
CVE-2008-7222
Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote malicious users to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action.
Runcms Runcms 1.6.1
1 EDB exploit
605
VMScore
CVE-2008-7221
Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote malicious users to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php.
Runcms Runcms 1.6.1
760
VMScore
CVE-2008-3354
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config...
Runcms Newbb Plus Module 0.93
Runcms Runcms 1.6.1
2 EDB exploits
668
VMScore
CVE-2007-6549
Unspecified vulnerability in RunCMS prior to 1.6.1 has unknown impact and attack vectors, related to "pagetype using."
Runcms Runcms
645
VMScore
CVE-2007-6546
RunCMS prior to 1.6.1 uses a predictable session id, which makes it easier for remote malicious users to hijack sessions via a modified id.
Runcms Runcms
1 EDB exploit
685
VMScore
CVE-2007-6547
RunCMS prior to 1.6.1 does not require entry of the old password during a password change, which allows context-dependent malicious users to change passwords upon obtaining temporary access to a session.
Runcms Runcms
1 EDB exploit
435
VMScore
CVE-2007-6545
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS prior to 1.6.1 allow remote malicious users to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPag...
Runcms Runcms
1 EDB exploit
760
VMScore
CVE-2007-6544
Multiple SQL injection vulnerabilities in RunCMS prior to 1.6.1 allow remote malicious users to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) bro...
Runcms Runcms 1.6
2 EDB exploits
755
VMScore
CVE-2007-6548
Multiple direct static code injection vulnerabilities in RunCMS prior to 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter ...
Runcms Runcms
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started