Vulnerability Description
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xlinesoft | Phprunner | <= 4.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/52804Broken Link
- http://www.bugreport.ir/index_63.htmBroken LinkExploit
- http://www.securityfocus.com/archive/1/501894/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2009/0750Broken Link
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49279Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/8226ExploitThird Party AdvisoryVDB Entry
- http://osvdb.org/52804Broken Link
- http://www.bugreport.ir/index_63.htmBroken LinkExploit
- http://www.securityfocus.com/archive/1/501894/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2009/0750Broken Link
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49279Third Party AdvisoryVDB Entry
- https://www.exploit-db.com/exploits/8226ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2009-0964?
CVE-2009-0964 is a vulnerability with a CVSS score of 7.5 (HIGH). UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL inj...
How severe is CVE-2009-0964?
CVE-2009-0964 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0964?
Check the references section above for vendor advisories and patch information. Affected products include: Xlinesoft Phprunner.