ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Asprunner | Xlinesoft | 1.0 (including) | 1.0 (including) |
Asprunner | Xlinesoft | 2.0 (including) | 2.0 (including) |
Asprunner | Xlinesoft | 2.1 (including) | 2.1 (including) |
Asprunner | Xlinesoft | 2.2 (including) | 2.2 (including) |
Asprunner | Xlinesoft | 2.3 (including) | 2.3 (including) |
Asprunner | Xlinesoft | 2.4 (including) | 2.4 (including) |