CVE-2006-1793

Name of the Vulnerable Software and Affected Versions runCMS versions 1.2 and earlier

Description A directory traversal issue allows remote attackers to read arbitrary files. This is achieved via the bbPath[path] parameter to specific API endpoints, including "class.forumposts.php" and "forumpollrenderer.php".

Recommendations For runCMS versions 1.2 and earlier, consider restricting access to the bbPath[path] parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the bbPath[path] parameter in "class.forumposts.php" and "forumpollrenderer.php" to minimize the risk of exploitation.