98 matches found
CVE-2008-6212
Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2008-6212
Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
CVE-2008-6212
Php-Stats 0.1.9.1 is affected by a cross-site scripting (XSS) vulnerability in admin.php, exploitable via the sel_mese and sel_anno parameters in a systems action. The issue could allow a remote attacker to inject arbitrary web script or HTML when the affected page is loaded. No remediation detai...
PHP-Stats 0.1.9.1 - admin.php Multiple Cross-Site Scripting Vulnerabilities
PHP-Stats 0.1.9.1 - admin.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/28824/info Php-Stats is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Attackers may leverage these issues to...
PHP-Stats 0.1.9.1 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/28824/info Php-Stats is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
CVE-2007-5452
Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter...
CVE-2007-5453
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and...
SQL injection
Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter...
SQL injection
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and...
CVE-2007-5452
Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter...
CVE-2007-5453
CVE-2007-5453 concerns Php-Stats 0.1.9.2, which contains multiple eval-injection vulnerabilities. The issue allows remote authenticated administrators to execute arbitrary code by injecting PHP sequences into the php-stats-options record in the _options table, which is subsequently evaluated via ...
CVE-2007-5452
Multiple SQL injection vulnerabilities exist in Php-Stats 0.1.9.2, specifically in php-stats.recjs.php, that allow remote attackers to execute arbitrary SQL commands via the (1) ip and (2) t parameters. The affected product is Php-Stats 0.1.9.2, with the issue described in CVE-2007-5452. The conn...
CVE-2007-5453
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and...
phpstats-multi.txt
32 break; 100. 103. $title='?'; 104. if$option'pagetitle' && isset$GET't' 105. 106. $tmpTitle=htmlspecialcharsaddslashesurldecode$GET't'; 107. if$tmpTitle!='\\\" t \\\"' $title=$tmpTitle; 108. 109. 174. if $loaded=='?' && $title!='?' 175. $result=sqlquery"SELECT lastpage FROM...
Php-Stats 0.1.9.2 Multiple Vulnerabilities Exploit
No description provided by source. ?php / Php-Stats 0.1.9.2 Multiple Vulnerabilities Exploit Blind SQL Injection / Remote Code Execution P.o.C. author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://php-stats.com/downloads details..: works with magicquotesruntime = off 1 Blind SQL...
PHP-Stats 0.1.9.2 - Multiple Vulnerabilities
PHP-Stats 0.1.9.2 - Multiple Vulnerabilities 32 break; 100. 103. $title='?'; 104. if$option'pagetitle' && isset$GET't' 105. 106. $tmpTitle=htmlspecialcharsaddslashesurldecode$GET't'; 107. if$tmpTitle!='\\\" t \\\"' $title=$tmpTitle; 108. 109. 174. if $loaded=='?' && $title!='?' 175...
Php-Stats 0.1.9.2 Multiple Vulnerabilities Exploit
Exploit for unknown platform in category web applications ================================================== Php-Stats 0.1.9.2 Multiple Vulnerabilities Exploit ================================================== 32 break; 100. 103. $title='?'; 104. if$option'pagetitle' && isset$GET't' 105. 106...
phpstats0192-xss.txt
I found a new xss in php-stats 0.1.9.2 http://phpstats.net/ http://www.example.com/php-stats-path/tracking.php?what=online&ip=XSS Stats must have public access for this difference from whois.php XSS...
Cross site scripting
Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the ip parameter in an online action, a different vector than CVE-2007-4334...