18 matches found
CVE-2026-48240
Open ISES Tickets ≤ 3.44.2 contains a SQL injection in ajax/statistics.php where POST tick_id and f_tick_id are concatenated into WHERE clauses of statistics rollup queries without sanitization. This allows authenticated users to alter query semantics and read/modify/destroy database contents. A ...
Cross-site Scripting (XSS)
forkcms is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape special characters in the src/Backend/Modules/Search/Actions/Statistics.php file, allowing a malicious user to inject and execute arbitrary web script...
dogshow.sk XSS vulnerability
Vulnerable URL: http://dogshow.sk/statistics.php

Details:

| Description | Value |
|---|---|
| Patched: | Yes, at 24.11.2017 |
| Latest check for patch: | 24.11.2017 11:14 GMT |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 1840924 |
| VIP website status: | No |

Check dogshow.sk SSL...
PHPKick 0.8 - statistics.php SQL Injection Exploit
No description provided by source.

```python
#!/usr/bin/env python
# coding: utf-8
from pocsuite.net import req
from pocsuite.poc import Output, POCBase
from pocsuite.utils import register


class TestPOC(POCBase):
    vulID = '69551'
    version = '1'
    author = 'RickGray'
    vulDate = '2010-08-08'
    createDate = '2015-10-15'
    ...
```
CVE-2011-3752
LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files...
CVE-2010-3029
SQL injection vulnerability in statistics.php in PHPKick 0.8 allows remote attackers to execute arbitrary SQL commands via the gameday parameter in an overview action...
SQL injection
SQL injection vulnerability in statistics.php in PHPKick 0.8 allows remote attackers to execute arbitrary SQL commands via the gameday parameter in an overview action...
CVE-2010-3029
SQL injection vulnerability in statistics.php in PHPKick 0.8 allows remote attackers to execute arbitrary SQL commands via the gameday parameter in an overview action...
CVE-2010-3029
CVE-2010-3029 : PHPKick 0.8 has an SQL injection in the statistics.php file, exploitable via the gameday parameter in an overview action, allowing remote attackers to execute arbitrary SQL. The affected component is statistics.php within PHPKick 0.8; root cause is a vulnerability in input handlin...
PHPKick v0.8 statistics.php SQL Injection Exploit
Exploit for php platform in category web applications. PHPKick v0.8 statistics.php SQL Injection Exploit. Date: August 8th, 2010 Time: 03:45am ; Author: garwga Version: 0.8 Google dork : "© 2004...
PHPKick 0.8 - 'Statistics.php' SQL Injection
Exploit Title: PHPKick v0.8 statistics.php SQL Injection Date: August 8th, 2010 Time: 03:45am ; Author: garwga Version: 0.8 Google dork : "© 2004 PHPKick.de Version 0.8" Category: webapps/0day Code: see below <?php echo"\n\n"; echo"|=================PHPKick v0.8 statistics.php SQL...
CVE-2008-3923
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action...
CVE-2008-3923
CVE-2008-3923 affects Content Management Made Easy (CMME) 1.12. The vulnerability is a set of cross-site scripting (XSS) flaws in statistics.php, exploitable via the hstat_year action through the page and year parameters. The underlying cause is improper input handling/sanitization of these param...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFLFILEROOT parameter to (1) admin.php, (2) custompages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) myteam.php, (9) profile.php, 10...
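X-Scripts X-Statistics X-Statistics.PHP SQL Injection Vulnerability
X-Statistics is a PHP-based statistics program. X-Statistics does not correctly handle user-submitted web data, and remote attackers can exploit the vulnerability to perform SQL injection and obtain sensitive information. The problem exists in the 'X-Statistics.PHP' script: because user-submitted URI parameters are not filtered, submitting a malicious SQL query as parameter data can change the original SQL logic and obtain sensitive information. X-Scripts X-Statistics 1.20 http://members.lycos.co.uk/xscripts03/ GET /x-statistics.php HTTP/1.1 Host: www.example.com User-Agent:...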
CVE-2006-3950
SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header...
CVE-2006-3950
CVE-2006-3950 describes an SQL injection in X-Scripts X-Statistics 1.20, triggered through the User-Agent HTTP header in x-statistics.php. The vulnerability allows remote attackers to execute arbitrary SQL commands. Affected product/version: X-Scripts X-Statistics 1.20 (component: x-statistics.ph...
Multiple Vulnerabilities in PHP Surveyor
Multiple Vulnerabilities in PHP Surveyor version 0.98 stable. Summary: PHP Surveyor is vulnerable to many sql injections, cross site scriptings, and path disclosures. Details:...