CVE-2006-1793

runCMS <1.2 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1485

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16578

[Exploit, Vendor Advisory] http://www.securityfocus.com/archive/1/424708

[Exploit] http://retrogod.altervista.org/runcms_13a_xpl.html

Scores

EPSS 0.0228

EPSS Percentile 84.7%

Details

Status published

Products (3)

runcms/runcms 1.1

runcms/runcms 1.1a

runcms/runcms < 1.2

Published Apr 17, 2006

Tracked Since Feb 18, 2026