Vulnerability Database

325,648

Total vulnerabilities in the database

CVE-2007-6544

Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.

Published: Dec 28, 2007
Updated: Nov 9, 2025
CVE: CVE-2007-6544
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
runcms / runcms	1.6	1.6.x

http://osvdb.org/41235
http://osvdb.org/41236
http://osvdb.org/41237
http://osvdb.org/41238
http://osvdb.org/41239
http://osvdb.org/41240
http://securityreason.com/securityalert/3493
http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131
http://www.securityfocus.com/archive/1/485512/100/0/threaded
http://www.securityfocus.com/bid/27019
https://exchange.xforce.ibmcloud.com/vulnerabilities/39289
https://www.exploit-db.com/exploits/4787
https://www.exploit-db.com/exploits/4790

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo