CVE-2006-1793

runcms < 1.2 - Directory Traversal via bbPath[path] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1793. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets RunCMS versions <= 1.3a, leveraging arbitrary remote file inclusion and local file inclusion vulnerabilities to execute arbitrary commands. It also exploits an outdated FCKEditor component for shell uploads.

Description

Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1485

View Code ZIP pw:eip

This exploit targets RunCMS versions <= 1.3a, leveraging arbitrary remote file inclusion and local file inclusion vulnerabilities to execute arbitrary commands. It also exploits an outdated FCKEditor component for shell uploads.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: RunCMS <= 1.3a

No auth needed

Prerequisites: register_globals = On & allow_url_fopen = On for remote inclusion · magic_quotes_gpc = Off for local inclusion

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/16578

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/424708

Exploit x_refsource_misc

http://retrogod.altervista.org/runcms_13a_xpl.html

Scores

EPSS 0.0356

EPSS Percentile 87.8%

Details

Status published

Products (3)

runcms/runcms 1.1

runcms/runcms 1.1a

runcms/runcms < 1.2

Published Apr 17, 2006

Tracked Since Feb 18, 2026