Dl_stats Cross Site Scripting And SQL Injection Vulnerabilities Network Vulnerability

Summary

dl_stats is prone to an SQL-injection vulnerability and multiple cross- site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. dl_stats 2.0 is vulnerable other versions may also be affected.

References

http://www.securityfocus.com/bid/39592
http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/
http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-1497

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

3Com NBX VoIP NetSet Detection
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
AN Guestbook Local File Inclusion Vulnerability
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
Apache Archiva Cross Site Request Forgery Vulnerability

dl_stats Cross Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities