xlinesoft 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk sql injection and vendor risk cross-site scripting などに関し、一部は vendor impact data exposure を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2009-0964 | UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication. | [email protected] | 7.5 | 1.05% | 2009-03-19 | 2026-04-23 |
| CVE-2009-0963 | Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php. | [email protected] | 7.5 | 1.77% | 2009-03-19 | 2026-04-23 |
| CVE-2006-5956 | XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file. | [email protected] | 2.1 | 0.08% | 2006-11-17 | 2026-04-23 |
| CVE-2004-2060 | ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names. | [email protected] | 5.0 | 9.19% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2059 | Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp. | [email protected] | 5.0 | 10.16% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2058 | ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages. | [email protected] | 5.0 | 0.81% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2057 | SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements. | [email protected] | 7.5 | 1.23% | 2004-12-31 | 2026-04-16 |