Max CVSS 7.5 Min CVSS 4.3 Total Count 2
| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2007-6546 | 6.4 | RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. | 15-10-2018 - 21:55 | 28-12-2007 - 00:46 |
| CVE-2007-6547 | 6.8 | RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session. | 15-10-2018 - 21:55 | 28-12-2007 - 00:46 |
| CVE-2007-6545 | 4.3 | Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly r | 15-10-2018 - 21:55 | 28-12-2007 - 00:46 |
| CVE-2007-6544 | 7.5 | Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) m | 15-10-2018 - 21:55 | 28-12-2007 - 00:46 |
| CVE-2007-6548 | 7.5 | Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, ( | 15-10-2018 - 21:55 | 28-12-2007 - 00:46 |