cbcvebase.

Xlinesoft Phprunner vulnerabilities

4 known vulnerabilities affecting xlinesoft/phprunner.

Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1LOW1

Vulnerabilities

Page 1 of 1
CVE-2009-0964P3HIGHCVSS 7.5PoC≤ 4.22009-03-19
CVE-2009-0964 [HIGH] CWE-312 CVE-2009-0964: UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the datab UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
nvd
CVE-2009-0963P3HIGHCVSS 7.5PoC≤ 4.2v3.12009-03-19
CVE-2009-0963 [HIGH] CWE-89 CVE-2009-0963: Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attacker Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.
nvd
CVE-2019-25592P4MEDIUMCVSS 6.2v10.12026-03-22
CVE-2019-25592 [MEDIUM] CWE-1260 CVE-2019-25592: PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the a PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the dashboard name field. Attackers can paste a buffer of 10000 characters into the Name field during dashboard creation to trigger an application crash.
nvd
CVE-2006-5956P4LOWCVSS 2.1v3.12006-11-17
CVE-2006-5956 [LOW] CVE-2006-5956: XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.
nvd
Xlinesoft Phprunner vulnerabilities | cvebase