RunCMS system has multiple security vulnerabilities including Blind SQL Injection, Stored XSS, Linked XSS, Image XSS, Predictable session id, Vulnerable password changing algorithm, and many PHP Injections in the Administrator panel.