ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field...
6.6AI Score
0.013EPSS
SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL...
8.2AI Score
0.005EPSS
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in.....
6.6AI Score
0.015EPSS
ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error...
6.6AI Score
0.006EPSS