ASPRunner contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that user-supplied input in all pages (except the login pages) are not verified properly and will allow a remote attacker to inject or manipulate SQL queries. No further details have been provided.
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.