Dl_stats Cross Site Scripting And SQL Injection Vulnerabilities Network Vulnerability

Summary

dl_stats is prone to an SQL-injection vulnerability and multiple cross- site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. dl_stats 2.0 is vulnerable other versions may also be affected.

References

http://www.securityfocus.com/bid/39592
http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/
http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-1497
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability
/cgi-bin directory browsable ?
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability

dl_stats Cross Site Scripting and SQL Injection Vulnerabilities

Take action and discover your vulnerabilities