UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
References
Link | Resource |
---|---|
http://osvdb.org/52804 | Broken Link |
http://www.bugreport.ir/index_63.htm | Broken Link Exploit |
http://www.securityfocus.com/archive/1/501894/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2009/0750 | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/49279 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/8226 | Exploit Third Party Advisory VDB Entry |
Configurations
History
14 Feb 2024, 15:19
Type | Values Removed | Values Added |
---|---|---|
CPE | ||
CWE | CWE-312 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/501894/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | (VUPEN) http://www.vupen.com/english/advisories/2009/0750 - Broken Link | |
References | (MISC) http://www.bugreport.ir/index_63.htm - Broken Link, Exploit | |
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/8226 - Exploit, Third Party Advisory, VDB Entry | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/49279 - Third Party Advisory, VDB Entry | |
References | (OSVDB) http://osvdb.org/52804 - Broken Link |
Information
Published : 2009-03-19 10:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-0964
Mitre link : CVE-2009-0964
CVE.ORG link : CVE-2009-0964
JSON object : View
Products Affected
xlinesoft
- phprunner
CWE
CWE-312
Cleartext Storage of Sensitive Information