2 matches found
CVE-2010-1497
The vulnerability CVE-2010-1497 affects the dl_stats web application (before version 2.0) via download_proc.php, where the id parameter is not properly sanitized, enabling Cross‑Site Scripting (XSS) by remote attackers. Impact described in OpenVAS entries includes attacker‑delivered scripts that ...
CVE-2010-1498
Multiple SQL injection vulnerabilities affect the dl_stats package before version 2.0. The issue allows remote attackers to execute arbitrary SQL commands by supplying a crafted id parameter to two PHP endpoints: download.php and view_file.php. This conclusion is supported by CVE-2010-1498 record...