Summary
DNET Live-Stats is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
DNET Live-Stats 0.8 RC8 is vulnerable
other versions may also
be affected.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-4858 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- aeNovo Database Content Disclosure Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Apache Struts2/XWork Remote Command Execution Vulnerability
- Apache Archiva Home Page Cross-Site Scripting vulnerability