← back
CVE-2009-0964

CVE-2009-0964

EPSS 1.9%
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/8226unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/52804https://exchange.xforce.ibmcloud.com/vulnerabilities/49279https://www.exploit-db.com/exploits/8226http://www.bugreport.ir/index_63.htmhttp://www.securityfocus.com/archive/1/501894/100/0/threadedhttp://www.vupen.com/english/advisories/2009/0750