Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2007-6546 | 6.4 | RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | 15-10-2018 - 21:55 | 28-12-2007 - 00:46 |
| CVE-2007-6547 | 6.8 | RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session. | 15-10-2018 - 21:55 | 28-12-2007 - 00:46 |
| CVE-2007-6545 | 4.3 | Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly r | 15-10-2018 - 21:55 | 28-12-2007 - 00:46 |
| CVE-2007-6544 | 7.5 | Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) m | 15-10-2018 - 21:55 | 28-12-2007 - 00:46 |
| CVE-2007-6548 | 7.5 | Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, ( | 15-10-2018 - 21:55 | 28-12-2007 - 00:46 |