Vulnerabilities > CVE-2006-3184 - Remote Security vulnerability in Asp Stats Generator
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp. Upgrade to ASP Stats Generator version 2.1.2 : http://www.weppos.com/asg/en/download.asp
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | ASP Stats Generator <= 2.1.1 SQL Injection Vulnerabilities. CVE-2006-3184,CVE-2006-3580. Webapps exploit for asp platform |
| file | exploits/asp/webapps/1931.txt |
| id | EDB-ID:1931 |
| last seen | 2016-01-31 |
| modified | 2006-06-19 |
| platform | asp |
| port | |
| published | 2006-06-19 |
| reporter | Hamid Ebadi |
| source | https://www.exploit-db.com/download/1931/ |
| title | ASP Stats Generator <= 2.1.1 - SQL Injection Vulnerabilities |
| type | webapps |
References
- http://blog.asp-stats.com/index.php/2006/06/18/asp-stats-generator-v212/
- http://secunia.com/advisories/20721
- http://www.hamid.ir/security/aspstats.txt
- http://www.vupen.com/english/advisories/2006/2414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27284
- https://www.exploit-db.com/exploits/1931