CVE-2007-5453

Published: 14/10/2007 | Updated: 29/09/2017
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 855
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php.

Vulnerable Product

php-stats php-stats 0.1.9.2

Exploits

<?php

/*
    Php-Stats 0.1.9.2 Multiple Vulnerabilities Exploit
    Blind SQL Injection / Remote Code Execution PoC

    author: EgiX
    mail: n0b0d13s[at]gmail[dot]com
    link: php-stats.com/downloads
    details: works with magic_quotes_runtime = off

    [1] Blind SQL Injection in php-stats.recjs.php:

    94 if(isset($_GET['ip ...