Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
Max CVSS
7.5
EPSS Score
0.29%
Published
2007-12-28
Updated
2018-10-15
SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter.
Max CVSS
7.5
EPSS Score
1.33%
Published
2007-05-09
Updated
2018-10-16
2 vulnerabilities found