Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
36 vulnerabilities found for php-stats by php-stats
FKIE_CVE-2008-6212
Vulnerability from fkie_nvd - Published: 2009-02-20 01:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-stats:php-stats:0.1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D49182A-48AE-4AE4-9BD9-D6891C025B21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en admin.php en Php-Stats v0.1.9.1, permite a atacantes remotos inyectar secuencias de comandos web de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) \"sel_mese\" y (2) \"sel_anno\" en una acci\u00f3n a systems. NOTA: el origen de esta informaci\u00f3n es desconocido. Los detalles han sido obtenidos a partir de terceros."
}
],
"id": "CVE-2008-6212",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-20T01:30:05.250",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28824.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28824"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28824/exploit"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42729"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28824.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28824/exploit"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42729"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5452
Vulnerability from fkie_nvd - Published: 2007-10-14 18:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-stats:php-stats:0.1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60C5EA8E-89BD-491B-AA76-68E601FCECA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en php-stats.recjs.php de Php-Stats 0.1.9.2 permiten a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) ip \u00f3 (2) t."
}
],
"id": "CVE-2007-5452",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-14T18:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/40608"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26022"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/40608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4513"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-5453
Vulnerability from fkie_nvd - Published: 2007-10-14 18:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-stats:php-stats:0.1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60C5EA8E-89BD-491B-AA76-68E601FCECA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de evaluaci\u00f3n en Php-Stats 0.1.9.2 permiten a administradores remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n al escribir secuencias PHP en el registro php-stats-options en la tabla _options, que se usa en una llamada a funci\u00f3n eval por (1) admin.php, (2) click.php, (3) download.php, y otros ficheros no especificados, como se demuestra modificando _options a trav\u00e9s de una acci\u00f3n de recuperaci\u00f3n de copia de seguridad en admin.php."
}
],
"id": "CVE-2007-5453",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-14T18:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/43480"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26022"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/43480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4513"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4917
Vulnerability from fkie_nvd - Published: 2007-09-17 17:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-stats:php-stats:0.1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60C5EA8E-89BD-491B-AA76-68E601FCECA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en tracking.php en PHP-Stats 0.1.9.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro ip en una acci\u00f3n online, un vector diferente que CVE-2007-4334."
}
],
"id": "CVE-2007-4917",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-09-17T17:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3149"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/479439/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/25674"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/479439/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/25674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36616"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4334
Vulnerability from fkie_nvd - Published: 2007-08-14 18:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-stats:php-stats:0.1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60C5EA8E-89BD-491B-AA76-68E601FCECA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en whois.php de Php-stats 0.1.9.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro IP."
}
],
"id": "CVE-2007-4334",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-14T18:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36421"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26422"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3003"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/476139/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/25275"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/476139/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/25275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35965"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-7172
Vulnerability from fkie_nvd - Published: 2007-03-20 22:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-stats:php-stats:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99E1B328-0477-4196-9C2F-D968933A4EF7",
"versionEndIncluding": "0.1.9.1b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER[\u0027HTTP_PC_REMOTE_ADDR\u0027], or (2) ip parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en php-stats.recphp.php en PHP-Stats 0.1.9.1b y anteriores permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un importante punto-cuadrado\t\r\nde cadena de direcci\u00f3n IP en la cabecera (1) PC-REMOTE-ADDR HTTP, la cual es insertada dentro de $_SERVER[\u0027HTTP_PC_REMOTE_ADDR\u0027], o (2) par\u00e1metro ip."
}
],
"id": "CVE-2006-7172",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-20T22:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/34280"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24553"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33031"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/3496"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/3497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/34280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/3496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/3497"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-7173
Vulnerability from fkie_nvd - Published: 2007-03-20 22:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-stats:php-stats:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99E1B328-0477-4196-9C2F-D968933A4EF7",
"versionEndIncluding": "0.1.9.1b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de c\u00f3digo est\u00e1tico en admin.php de PHP-Stats 0.1.9.1b y anteriores permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante una par\u00e1metro option_new[report_w_day] artesanal en una acci\u00f3n preferenze, el cual puede ser accedido posteriormente mediante option/php-stats-options.php."
}
],
"id": "CVE-2006-7173",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-20T22:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24553"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/3502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/3502"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1087
Vulnerability from fkie_nvd - Published: 2006-03-09 00:02 - Updated: 2026-04-16 00:27
Severity ?
Summary
Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE: this vulnerability can be exploited by remote unauthenticated attackers in conjunction with the option[admin_pass] authentication bypass vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-stats:php-stats:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B84DB8B6-05FF-4B6D-BB11-CE5CC3CBFA70",
"versionEndIncluding": "0.1.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE: this vulnerability can be exploited by remote unauthenticated attackers in conjunction with the option[admin_pass] authentication bypass vulnerability."
}
],
"id": "CVE-2006-1087",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-09T00:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19116"
},
{
"source": "cve@mitre.org",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0822"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1083
Vulnerability from fkie_nvd - Published: 2006-03-09 00:02 - Updated: 2026-04-16 00:27
Severity ?
Summary
Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified scripts. NOTE: the admin.php/option[language] vector can be used by remote unauthenticated attackers to include arbitrary files in conjunction with CVE-2006-1085.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-stats:php-stats:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B84DB8B6-05FF-4B6D-BB11-CE5CC3CBFA70",
"versionEndIncluding": "0.1.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified scripts. NOTE: the admin.php/option[language] vector can be used by remote unauthenticated attackers to include arbitrary files in conjunction with CVE-2006-1085."
}
],
"id": "CVE-2006-1083",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-09T00:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19116"
},
{
"source": "cve@mitre.org",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0822"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1085
Vulnerability from fkie_nvd - Published: 2006-03-09 00:02 - Updated: 2026-04-16 00:27
Severity ?
Summary
admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of the specified password.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-stats:php-stats:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B84DB8B6-05FF-4B6D-BB11-CE5CC3CBFA70",
"versionEndIncluding": "0.1.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of the specified password."
}
],
"id": "CVE-2006-1085",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-09T00:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19116"
},
{
"source": "cve@mitre.org",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0822"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1088
Vulnerability from fkie_nvd - Published: 2006-03-09 00:02 - Updated: 2026-04-16 00:27
Severity ?
Summary
PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-stats:php-stats:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B84DB8B6-05FF-4B6D-BB11-CE5CC3CBFA70",
"versionEndIncluding": "0.1.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix."
}
],
"id": "CVE-2006-1088",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-09T00:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19116"
},
{
"source": "cve@mitre.org",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0822"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1084
Vulnerability from fkie_nvd - Published: 2006-03-09 00:02 - Updated: 2026-04-16 00:27
Severity ?
Summary
Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php-stats:php-stats:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B84DB8B6-05FF-4B6D-BB11-CE5CC3CBFA70",
"versionEndIncluding": "0.1.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php."
}
],
"id": "CVE-2006-1084",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-09T00:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19116"
},
{
"source": "cve@mitre.org",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0822"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-6212 (GCVE-0-2008-6212)
Vulnerability from cvelistv5 – Published: 2009-02-20 01:00 – Updated: 2024-08-07 11:20
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2008-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:25.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28824",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28824"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28824.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28824/exploit"
},
{
"name": "phpstats-admin-xss(42729)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28824",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28824"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28824.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/28824/exploit"
},
{
"name": "phpstats-admin-xss(42729)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28824"
},
{
"name": "http://www.juniper.net/security/auto/vulnerabilities/vuln28824.html",
"refsource": "MISC",
"url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28824.html"
},
{
"name": "http://www.securityfocus.com/bid/28824/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/28824/exploit"
},
{
"name": "phpstats-admin-xss(42729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6212",
"datePublished": "2009-02-20T01:00:00.000Z",
"dateReserved": "2009-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:20:25.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5453 (GCVE-0-2007-5453)
Vulnerability from cvelistv5 – Published: 2007-10-14 18:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2007-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43480",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43480"
},
{
"name": "4513",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"name": "26022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43480",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43480"
},
{
"name": "4513",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"name": "26022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43480",
"refsource": "OSVDB",
"url": "http://osvdb.org/43480"
},
{
"name": "4513",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"name": "26022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5453",
"datePublished": "2007-10-14T18:00:00.000Z",
"dateReserved": "2007-10-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:31:58.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5452 (GCVE-0-2007-5452)
Vulnerability from cvelistv5 – Published: 2007-10-14 18:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2007-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:59.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4513",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"name": "40608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40608"
},
{
"name": "26022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4513",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"name": "40608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40608"
},
{
"name": "26022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4513",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"name": "40608",
"refsource": "OSVDB",
"url": "http://osvdb.org/40608"
},
{
"name": "26022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5452",
"datePublished": "2007-10-14T18:00:00.000Z",
"dateReserved": "2007-10-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:31:59.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4917 (GCVE-0-2007-4917)
Vulnerability from cvelistv5 – Published: 2007-09-17 17:00 – Updated: 2024-08-07 15:08
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2007-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3149",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3149"
},
{
"name": "phpstats-tracking-xss(36616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36616"
},
{
"name": "20070914 new XSS vulnerability in php-stats -tracking.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479439/100/0/threaded"
},
{
"name": "25674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3149",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3149"
},
{
"name": "phpstats-tracking-xss(36616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36616"
},
{
"name": "20070914 new XSS vulnerability in php-stats -tracking.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479439/100/0/threaded"
},
{
"name": "25674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25674"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3149",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3149"
},
{
"name": "phpstats-tracking-xss(36616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36616"
},
{
"name": "20070914 new XSS vulnerability in php-stats -tracking.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479439/100/0/threaded"
},
{
"name": "25674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25674"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4917",
"datePublished": "2007-09-17T17:00:00.000Z",
"dateReserved": "2007-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4334 (GCVE-0-2007-4334)
Vulnerability from cvelistv5 – Published: 2007-08-14 18:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2007-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3003",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3003"
},
{
"name": "36421",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36421"
},
{
"name": "20070811 php-stats xss whois.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476139/100/0/threaded"
},
{
"name": "phpstats-whois-xss(35965)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35965"
},
{
"name": "25275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25275"
},
{
"name": "26422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26422"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3003",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3003"
},
{
"name": "36421",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36421"
},
{
"name": "20070811 php-stats xss whois.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476139/100/0/threaded"
},
{
"name": "phpstats-whois-xss(35965)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35965"
},
{
"name": "25275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25275"
},
{
"name": "26422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26422"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3003",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3003"
},
{
"name": "36421",
"refsource": "OSVDB",
"url": "http://osvdb.org/36421"
},
{
"name": "20070811 php-stats xss whois.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476139/100/0/threaded"
},
{
"name": "phpstats-whois-xss(35965)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35965"
},
{
"name": "25275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25275"
},
{
"name": "26422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26422"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4334",
"datePublished": "2007-08-14T18:00:00.000Z",
"dateReserved": "2007-08-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:55.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7172 (GCVE-0-2006-7172)
Vulnerability from cvelistv5 – Published: 2007-03-20 22:00 – Updated: 2024-08-07 20:57
VLAI?
Summary
Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2006-03-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24553"
},
{
"name": "3496",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3496"
},
{
"name": "34280",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34280"
},
{
"name": "phpstats-phpstatsrecphp-sql-injection(33031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33031"
},
{
"name": "ADV-2007-1004",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"name": "3497",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER[\u0027HTTP_PC_REMOTE_ADDR\u0027], or (2) ip parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24553"
},
{
"name": "3496",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3496"
},
{
"name": "34280",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34280"
},
{
"name": "phpstats-phpstatsrecphp-sql-injection(33031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33031"
},
{
"name": "ADV-2007-1004",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"name": "3497",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER[\u0027HTTP_PC_REMOTE_ADDR\u0027], or (2) ip parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24553"
},
{
"name": "3496",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3496"
},
{
"name": "34280",
"refsource": "OSVDB",
"url": "http://osvdb.org/34280"
},
{
"name": "phpstats-phpstatsrecphp-sql-injection(33031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33031"
},
{
"name": "ADV-2007-1004",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"name": "3497",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7172",
"datePublished": "2007-03-20T22:00:00.000Z",
"dateReserved": "2007-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:57:40.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7173 (GCVE-0-2006-7173)
Vulnerability from cvelistv5 – Published: 2007-03-20 22:00 – Updated: 2024-08-07 20:57
VLAI?
Summary
Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2006-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:39.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24553"
},
{
"name": "ADV-2007-1004",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"name": "3502",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3502"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24553"
},
{
"name": "ADV-2007-1004",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"name": "3502",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3502"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24553"
},
{
"name": "ADV-2007-1004",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"name": "3502",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3502"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7173",
"datePublished": "2007-03-20T22:00:00.000Z",
"dateReserved": "2007-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:57:39.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6212 (GCVE-0-2008-6212)
Vulnerability from nvd – Published: 2009-02-20 01:00 – Updated: 2024-08-07 11:20
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2008-04-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:20:25.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28824",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28824"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28824.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28824/exploit"
},
{
"name": "phpstats-admin-xss(42729)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28824",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28824"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28824.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/28824/exploit"
},
{
"name": "phpstats-admin-xss(42729)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28824"
},
{
"name": "http://www.juniper.net/security/auto/vulnerabilities/vuln28824.html",
"refsource": "MISC",
"url": "http://www.juniper.net/security/auto/vulnerabilities/vuln28824.html"
},
{
"name": "http://www.securityfocus.com/bid/28824/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/28824/exploit"
},
{
"name": "phpstats-admin-xss(42729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6212",
"datePublished": "2009-02-20T01:00:00.000Z",
"dateReserved": "2009-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:20:25.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5453 (GCVE-0-2007-5453)
Vulnerability from nvd – Published: 2007-10-14 18:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2007-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43480",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43480"
},
{
"name": "4513",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"name": "26022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43480",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43480"
},
{
"name": "4513",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"name": "26022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43480",
"refsource": "OSVDB",
"url": "http://osvdb.org/43480"
},
{
"name": "4513",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"name": "26022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5453",
"datePublished": "2007-10-14T18:00:00.000Z",
"dateReserved": "2007-10-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:31:58.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5452 (GCVE-0-2007-5452)
Vulnerability from nvd – Published: 2007-10-14 18:00 – Updated: 2024-08-07 15:31
VLAI?
Summary
Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2007-10-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:59.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4513",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"name": "40608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40608"
},
{
"name": "26022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26022"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4513",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"name": "40608",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40608"
},
{
"name": "26022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26022"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4513",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4513"
},
{
"name": "40608",
"refsource": "OSVDB",
"url": "http://osvdb.org/40608"
},
{
"name": "26022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26022"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5452",
"datePublished": "2007-10-14T18:00:00.000Z",
"dateReserved": "2007-10-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:31:59.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4917 (GCVE-0-2007-4917)
Vulnerability from nvd – Published: 2007-09-17 17:00 – Updated: 2024-08-07 15:08
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2007-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3149",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3149"
},
{
"name": "phpstats-tracking-xss(36616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36616"
},
{
"name": "20070914 new XSS vulnerability in php-stats -tracking.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479439/100/0/threaded"
},
{
"name": "25674",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3149",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3149"
},
{
"name": "phpstats-tracking-xss(36616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36616"
},
{
"name": "20070914 new XSS vulnerability in php-stats -tracking.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479439/100/0/threaded"
},
{
"name": "25674",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25674"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3149",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3149"
},
{
"name": "phpstats-tracking-xss(36616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36616"
},
{
"name": "20070914 new XSS vulnerability in php-stats -tracking.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479439/100/0/threaded"
},
{
"name": "25674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25674"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4917",
"datePublished": "2007-09-17T17:00:00.000Z",
"dateReserved": "2007-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4334 (GCVE-0-2007-4334)
Vulnerability from nvd – Published: 2007-08-14 18:00 – Updated: 2024-08-07 14:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2007-08-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:55.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3003",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3003"
},
{
"name": "36421",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36421"
},
{
"name": "20070811 php-stats xss whois.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/476139/100/0/threaded"
},
{
"name": "phpstats-whois-xss(35965)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35965"
},
{
"name": "25275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25275"
},
{
"name": "26422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26422"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3003",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3003"
},
{
"name": "36421",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36421"
},
{
"name": "20070811 php-stats xss whois.php",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/476139/100/0/threaded"
},
{
"name": "phpstats-whois-xss(35965)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35965"
},
{
"name": "25275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25275"
},
{
"name": "26422",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26422"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3003",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3003"
},
{
"name": "36421",
"refsource": "OSVDB",
"url": "http://osvdb.org/36421"
},
{
"name": "20070811 php-stats xss whois.php",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/476139/100/0/threaded"
},
{
"name": "phpstats-whois-xss(35965)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35965"
},
{
"name": "25275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25275"
},
{
"name": "26422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26422"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4334",
"datePublished": "2007-08-14T18:00:00.000Z",
"dateReserved": "2007-08-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:53:55.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7172 (GCVE-0-2006-7172)
Vulnerability from nvd – Published: 2007-03-20 22:00 – Updated: 2024-08-07 20:57
VLAI?
Summary
Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2006-03-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:40.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24553"
},
{
"name": "3496",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3496"
},
{
"name": "34280",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34280"
},
{
"name": "phpstats-phpstatsrecphp-sql-injection(33031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33031"
},
{
"name": "ADV-2007-1004",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"name": "3497",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3497"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER[\u0027HTTP_PC_REMOTE_ADDR\u0027], or (2) ip parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24553"
},
{
"name": "3496",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3496"
},
{
"name": "34280",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34280"
},
{
"name": "phpstats-phpstatsrecphp-sql-injection(33031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33031"
},
{
"name": "ADV-2007-1004",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"name": "3497",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3497"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER[\u0027HTTP_PC_REMOTE_ADDR\u0027], or (2) ip parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24553"
},
{
"name": "3496",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3496"
},
{
"name": "34280",
"refsource": "OSVDB",
"url": "http://osvdb.org/34280"
},
{
"name": "phpstats-phpstatsrecphp-sql-injection(33031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33031"
},
{
"name": "ADV-2007-1004",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"name": "3497",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3497"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7172",
"datePublished": "2007-03-20T22:00:00.000Z",
"dateReserved": "2007-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:57:40.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-7173 (GCVE-0-2006-7173)
Vulnerability from nvd – Published: 2007-03-20 22:00 – Updated: 2024-08-07 20:57
VLAI?
Summary
Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2006-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:39.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "24553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24553"
},
{
"name": "ADV-2007-1004",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"name": "3502",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3502"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "24553",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24553"
},
{
"name": "ADV-2007-1004",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"name": "3502",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3502"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-7173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "24553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24553"
},
{
"name": "ADV-2007-1004",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1004"
},
{
"name": "3502",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3502"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-7173",
"datePublished": "2007-03-20T22:00:00.000Z",
"dateReserved": "2007-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:57:39.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1084 (GCVE-0-2006-1084)
Vulnerability from nvd – Published: 2006-03-09 00:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2006-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16963"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16963"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"name": "http://retrogod.altervista.org/php_stats_0191_adv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"name": "http://www.phpstats.net/forum/viewtopic.php?t=140",
"refsource": "MISC",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1084",
"datePublished": "2006-03-09T00:00:00.000Z",
"dateReserved": "2006-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:56:15.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1083 (GCVE-0-2006-1083)
Vulnerability from nvd – Published: 2006-03-09 00:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified scripts. NOTE: the admin.php/option[language] vector can be used by remote unauthenticated attackers to include arbitrary files in conjunction with CVE-2006-1085.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2006-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16963"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified scripts. NOTE: the admin.php/option[language] vector can be used by remote unauthenticated attackers to include arbitrary files in conjunction with CVE-2006-1085."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16963"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified scripts. NOTE: the admin.php/option[language] vector can be used by remote unauthenticated attackers to include arbitrary files in conjunction with CVE-2006-1085."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"name": "http://retrogod.altervista.org/php_stats_0191_adv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"name": "http://www.phpstats.net/forum/viewtopic.php?t=140",
"refsource": "MISC",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1083",
"datePublished": "2006-03-09T00:00:00.000Z",
"dateReserved": "2006-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:56:15.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1088 (GCVE-0-2006-1088)
Vulnerability from nvd – Published: 2006-03-09 00:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2006-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16963"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16963"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"name": "http://retrogod.altervista.org/php_stats_0191_adv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"name": "http://www.phpstats.net/forum/viewtopic.php?t=140",
"refsource": "MISC",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1088",
"datePublished": "2006-03-09T00:00:00.000Z",
"dateReserved": "2006-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:56:15.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1087 (GCVE-0-2006-1087)
Vulnerability from nvd – Published: 2006-03-09 00:00 – Updated: 2024-08-07 16:56
VLAI?
Summary
Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE: this vulnerability can be exploited by remote unauthenticated attackers in conjunction with the option[admin_pass] authentication bypass vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Date Public ?
2006-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16963"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE: this vulnerability can be exploited by remote unauthenticated attackers in conjunction with the option[admin_pass] authentication bypass vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16963"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE: this vulnerability can be exploited by remote unauthenticated attackers in conjunction with the option[admin_pass] authentication bypass vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0822"
},
{
"name": "20060322 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/428614/100/0/threaded"
},
{
"name": "http://retrogod.altervista.org/php_stats_0191_adv.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/php_stats_0191_adv.html"
},
{
"name": "20060304 PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426762/100/0/threaded"
},
{
"name": "20060327 Re: PHP-Stats \u003c= 0.1.9.1 remote commands execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/429145/100/0/threaded"
},
{
"name": "19116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19116"
},
{
"name": "16963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16963"
},
{
"name": "http://www.phpstats.net/forum/viewtopic.php?t=140",
"refsource": "MISC",
"url": "http://www.phpstats.net/forum/viewtopic.php?t=140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1087",
"datePublished": "2006-03-09T00:00:00.000Z",
"dateReserved": "2006-03-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:56:15.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}