Vulnerabilities > Xlinesoft > Phprunner
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-03-19 | CVE-2009-0964 | Cleartext Storage of Sensitive Information vulnerability in Xlinesoft PHPrunner UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. | 7.5 |
| 2009-03-19 | CVE-2009-0963 | SQL Injection vulnerability in Xlinesoft PHPrunner 3.1 Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php. | 7.5 |
| 2006-11-17 | CVE-2006-5956 | Local Information Disclosure vulnerability in Xlinesoft PHPrunner 3.1 XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file. | 2.1 |