PT-2006-1715 · Runcms · Runcms

Published: 2006-02-13 · Updated: 2011-09-08 · CVE-2006-0659

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

RunCMS versions 1.2 and earlier

Description

The issue allows remote attackers to execute arbitrary code through multiple PHP remote file include vulnerabilities. Exploitation is possible when register_globals and allow_url_fopen are enabled. The vulnerability can be exploited via the bbPath[path] parameter in files such as class.forumposts.php and forumpollrenderer.php.

Recommendations

For RunCMS versions 1.2 and earlier, consider disabling the register_globals and allow_url_fopen settings to mitigate the risk of exploitation. As a temporary workaround, restrict access to the vulnerable files class.forumposts.php and forumpollrenderer.php until a patch is available. Avoid using the bbPath[path] parameter in affected API endpoints until the issue is resolved.
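
Added example (not part of the original advisory or of RunCMS): a small check that reads php.ini text and reports whether both settings named in the description are effectively enabled. The function names and the two sample configurations are constructed for illustration; a directive that is absent or commented out is assumed to fall back to PHP's default (register_globals Off, allow_url_fopen On).

```python
# Added example: audit php.ini text for the two preconditions this advisory names.

# Assumption: PHP's defaults apply when a directive is not set in the file.
DEFAULTS = {"register_globals": False, "allow_url_fopen": True}
TRUTHY = {"1", "on", "true", "yes"}  # boolean spellings php.ini accepts as enabled


def effective_flags(ini_text):
    """Return the effective boolean value of each tracked directive."""
    flags = dict(DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if "=" not in line:
            continue  # section headers and blank lines
        name, value = (part.strip() for part in line.split("=", 1))
        if name in flags:  # directive names are case-sensitive
            # a later line overrides an earlier one
            flags[name] = value.strip("\"'").lower() in TRUTHY
    return flags


def audit(ini_text):
    """Flag the configuration when both preconditions hold."""
    flags = effective_flags(ini_text)
    findings = [f"{name} is enabled" for name, on in sorted(flags.items()) if on]
    return {"flags": flags,
            "rfi_preconditions_met": all(flags.values()),
            "findings": findings}


# Constructed sample: the allow_url_fopen line is commented out, so the default (On) applies.
SAMPLE_WEAK = """[PHP]
register_globals = On
;allow_url_fopen = Off
"""

# Constructed sample: both settings explicitly disabled.
SAMPLE_HARDENED = """[PHP]
register_globals = On
register_globals = Off   ; later line wins
allow_url_fopen = "0"
"""

if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(text))
```

Run it against the php.ini the web server actually loads; `php --ini` lists the files the CLI reads, which can differ from the web server's.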

Exploit

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2006-0659

Affected Products

Runcms