Direct static code injection vulnerability in ASP Stats Generator prior to 2.1.2 allows remote authenticated malicious users to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
asp stats generator asp stats generator |