Vulnerability Description
XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xlinesoft | Phprunner | 3.1 |
References
- http://lostmon.blogspot.com/2006/11/phprunner-database-credentials.html
- http://secunia.com/advisories/22863
- http://securitytracker.com/id?1017218
- http://www.osvdb.org/30363
- http://www.securityfocus.com/bid/21054
- http://lostmon.blogspot.com/2006/11/phprunner-database-credentials.html
- http://secunia.com/advisories/22863
- http://securitytracker.com/id?1017218
- http://www.osvdb.org/30363
- http://www.securityfocus.com/bid/21054
FAQ
What is CVE-2006-5956?
CVE-2006-5956 is a vulnerability with a CVSS score of 2.1 (LOW). XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive i...
How severe is CVE-2006-5956?
CVE-2006-5956 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5956?
Check the references section above for vendor advisories and patch information. Affected products include: Xlinesoft Phprunner.