Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and previous versions, with register_globals and allow_url_fopen enabled, allow remote malicious users to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
runcms runcms 1.1a |
||
runcms runcms 1.1 |
||
runcms runcms |