Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2006-0659
Last Modified: 08 Sep 2011 12:00:00
Published: 13 Feb 2006 06:06:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-0659

Summary

Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.

Vulnerable Systems

Application

  • Runcms 1.1

  • Runcms 1.1a

  • Runcms 1.2


References

BID - 16578

SECUNIA - 18800

VUPEN - ADV-2006-0503

BUGTRAQ - 20060209 runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package

MISC - http://retrogod.altervista.org/runcms_13a_xpl.html


Last Updated: 27 May 2016 10:41:45