VYPR
Unrated severityNVD Advisory· Published Mar 19, 2009· Updated Jun 16, 2026

CVE-2009-0963

CVE-2009-0963

Description

Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:xlinesoft:phprunner:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:xlinesoft:phprunner:*:*:*:*:*:*:*:*range: <=4.2
    • cpe:2.3:a:xlinesoft:phprunner:3.1:*:*:*:*:*:*:*
  • Range: <=4.2

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.