Vulnerabilities > CVE-2006-5956 - Local Information Disclosure vulnerability in Xlinesoft PHPrunner 3.1

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

xlinesoft

NVD

Published: 2006-11-17

Updated: 2008-09-05

Summary

XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.

Vulnerable Configurations

Part	Description	Count
Application	Xlinesoft Xlinesoft Phprunner 3.1	1

References

http://lostmon.blogspot.com/2006/11/phprunner-database-credentials.html
http://secunia.com/advisories/22863
http://securitytracker.com/id?1017218
http://www.osvdb.org/30363
http://www.securityfocus.com/bid/21054