{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25594", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-22T12:54:32.136Z", "datePublished": "2026-03-22T13:38:31.897Z", "dateUpdated": "2026-03-24T15:14:49.550Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:31.897Z"}, "datePublic": "2019-05-09T00:00:00.000Z", "title": "ASPRunner.NET 10.1 Denial of Service via Table Name Field", "descriptions": [{"lang": "en", "value": "ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Reliance on Untrusted Inputs in a Security Decision", "cweId": "CWE-807", "type": "CWE"}]}], "affected": [{"vendor": "Xlinesoft", "product": "ASPRunner.NET", "versions": [{"version": "10.1", "status": "affected"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:xlinesoft:phprunner:10.1:*:*:*:*:*:*:*"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46823", "name": "ExploitDB-46823", "tags": ["exploit"]}, {"url": "https://xlinesoft.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://xlinesoft.com/asprunnernet/download.htm", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: ASPRunner.NET 10.1 Denial of Service via Table Name Field", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/asprunner-net-denial-of-service-via-table-name-field"}], "credits": [{"lang": "en", "value": "Victor Mondrag\u00f3n", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:01:15.355508Z", "id": "CVE-2019-25594", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:14:49.550Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25594", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T14:01:15.355508Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:01:16.540Z"}}], "cna": {"title": "ASPRunner.NET 10.1 Denial of Service via Table Name Field", "credits": [{"lang": "en", "type": "finder", "value": "Victor Mondrag\u00f3n"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Xlinesoft", "product": "ASPRunner.NET", "versions": [{"status": "affected", "version": "10.1"}]}], "datePublic": "2019-05-09T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46823", "name": "ExploitDB-46823", "tags": ["exploit"]}, {"url": "https://xlinesoft.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://xlinesoft.com/asprunnernet/download.htm", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/asprunner-net-denial-of-service-via-table-name-field", "name": "VulnCheck Advisory: ASPRunner.NET 10.1 Denial of Service via Table Name Field", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-807", "description": "Reliance on Untrusted Inputs in a Security Decision"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xlinesoft:phprunner:10.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:31.897Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25594", "state": "PUBLISHED", "dateUpdated": "2026-03-24T15:14:49.550Z", "dateReserved": "2026-03-22T12:54:32.136Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-22T13:38:31.897Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the table name field. Attackers can input a buffer of 10000 characters in the table name parameter during database table creation to trigger an application crash."}, {"lang": "es", "value": "ASPRunner.NET 10.1 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al proporcionar una cadena excesivamente larga en el campo del nombre de la tabla. Los atacantes pueden introducir un b\u00fafer de 10000 caracteres en el par\u00e1metro del nombre de la tabla durante la creaci\u00f3n de la tabla de la base de datos para provocar un bloqueo de la aplicaci\u00f3n."}], "id": "CVE-2019-25594", "lastModified": "2026-04-16T16:19:50.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:26.220", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46823"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/asprunner-net-denial-of-service-via-table-name-field"}, {"source": "disclosure@vulncheck.com", "url": "https://xlinesoft.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://xlinesoft.com/asprunnernet/download.htm"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-807"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "10.1"}}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "ASPRunner.NET", "source": "cna", "vendor": "Xlinesoft"}, "product": "phprunner", "vendor": "xlinesoft"}], "analysis": {"en": {"generated_at": "2026-03-22T14:43:48.127097+00:00", "value": {"mitigation_remediation": ["Apply an official patch or upgrade ASPRunner.NET to a version that addresses the issue.", "If a patch is not available, restrict or disable the ability to create new database tables via the application, limiting the endpoint to trusted users.", "Implement input validation or length limits on the table name field at the application or web server level.", "Monitor logs for attempts to create tables with unusually long names and investigate.", "Contact Xlinesoft support for guidance on mitigating the vulnerability until a patch is released."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "This flaw exists in Xlinesoft's ASPRunner.NET version 10.1. Any deployment of that version is susceptible when users can create database tables through the web interface.", "description_and_impact": "The vulnerability allows a local attacker to cause the ASPRunner.NET application to crash by submitting an excessively long string in the table name field during database table creation. This results in a denial of service as the application terminates unexpectedly. The weakness corresponds to CWE\u2011807, which is a buffer overflow via string handling.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate to high impact, and the EPSS score is unavailable, suggesting limited public data on exploit frequency. Attackers need local access to the application and must be able to trigger table creation to send a 10,000\u2011character string. No known public patches are listed, and the vulnerability is not in CISA's KEV catalog, but an exploit is documented on Exploit\u2011DB, implying the problem is actively exploitable. The risk is therefore significant for environments where the application is not adequately restricted."}}}}, "created": "2026-03-23T09:46:24.623827+00:00", "updated": "2026-03-25T14:46:22.707176+00:00", "vendors": ["xlinesoft", "xlinesoft$PRODUCT$phprunner"]}