VYPR

Phprunner

by Xlinesoft

CVEs (3)

  • CVE-2009-0964HigMar 19, 2009
    risk 0.52cvss 7.5epss 0.02

    UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.

  • CVE-2009-0963Mar 19, 2009
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.

  • CVE-2006-5956Nov 17, 2006
    risk 0.00cvss epss 0.00

    XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.