CVE-2011-2148

CVE-2011-2148 affects SmarterTools SmarterStats 6.0: Admin/frmSite.aspx allows remote command execution via OS command injection. The attacker can exploit a leading/trailing & and specific parameters (STTTState cookie; txtAdminNewPassword_SettingText; txtSmarterLogDirectory; ucSiteSeoSearchEngine...

CVE-2011-2148

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...