SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements.
8.2AI Score
0.005EPSS
ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages.
6.6AI Score
0.006EPSS
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in e...
6.6AI Score
0.015EPSS
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
6.6AI Score
0.013EPSS