CVE-2006-0659

RunCMS < 1.2 - Remote Code Execution via bbPath[path] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0659.

AI-analyzed exploit summary: This PHP script exploits a remote file inclusion vulnerability in RunCMS versions <= 1.2 and a file upload vulnerability in RunCMS 1.3a via FCKEditor. It allows arbitrary command execution by including remote or local files through manipulated paths.

Description

Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.

Exploits (1)

exploitdb WORKING POC
php · webapps · php
https://www.exploit-db.com/exploits/1485

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: RunCMS <= 1.3a
No auth needed
Prerequisites: register_globals = On & allow_url_fopen = On (for remote inclusion) · magic_quotes_gpc = Off (for local inclusion) · FCKEditor integration (for file upload)
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16578
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18800
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0503
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/424708

Scores

EPSS 0.0582
EPSS Percentile 90.8%

Details

CWE CWE-94
Status published
Products (3)
runcms/runcms 1.1
runcms/runcms 1.1a
runcms/runcms < 1.2
Published Feb 13, 2006
Tracked Since Feb 18, 2026