Security Advisory

CVE-2009-0964

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-03-19 10:00:00

Last updated 2024-08-07 04:57:17

Assigner mitre

State PUBLISHED

Description

UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.

← Browse all CVEs View on cve.org ↗