Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

RunCMS < 1.6.2 Multiple Script Remote File Inclusion



The remote host is vulnerable to a script injection attack.


The remote host is running RunCMS, a web-based content management and messaging system. This version of RunCMS is reported to be vulnerable to a number of remote file inclusion vulnerabilities. Specifically, the 'votepolls.php' and 'config.php' scripts can be tricked into opening and running scripts from a malicious webserver. An attacker exploiting these flaws would only need the ability to send requests to the application. Successful exploitation would result in the attacker executing arbitrary script code on the server.


Upgrade to version 1.6.2 or higher.