Vulnerabilities > Xlinesoft > Phprunner > 3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-19 | CVE-2009-0963 | SQL Injection vulnerability in Xlinesoft PHPrunner 3.1 Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php. | 7.5 |
2006-11-17 | CVE-2006-5956 | Local Information Disclosure vulnerability in Xlinesoft PHPrunner 3.1 XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file. | 2.1 |