UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without...
7.5CVSS
7.9AI Score
0.005EPSS
Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4)...
8.8AI Score
0.003EPSS
XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the...
6.1AI Score
0.0004EPSS
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field...
6.6AI Score
0.013EPSS
SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL...
8.2AI Score
0.005EPSS
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in.....
6.6AI Score
0.015EPSS
ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error...
6.6AI Score
0.006EPSS