SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote malicious users to execute arbitrary SQL commands via the page parameter.
stanback bs counter 2.5.3