Vulnerabilities

CVE-2009-0964

by Fred · 19/03/2009

UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.

Date published : 2009-03-19

http://www.securityfocus.com/archive/1/501894/100/0/threaded

https://www.exploit-db.com/exploits/8226

Similar

Tags: Cybersecurity Alert