ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote malicious users to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xlinesoft asprunner 2.2 |
||
xlinesoft asprunner 2.3 |
||
xlinesoft asprunner 2.4 |
||
xlinesoft asprunner 1.0 |
||
xlinesoft asprunner 2.0 |
||
xlinesoft asprunner 2.1 |