| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-6546 | 6.4 |
RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
|
15-10-2018 - 21:55 | 28-12-2007 - 00:46 | |
| CVE-2007-6547 | 6.8 |
RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.
|
15-10-2018 - 21:55 | 28-12-2007 - 00:46 | |
| CVE-2007-6545 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly r
|
15-10-2018 - 21:55 | 28-12-2007 - 00:46 |