Vulnerabilities > PHP Stats > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-14 | CVE-2007-5453 | Code Injection vulnerability in PHP-Stats 0.1.9.2 Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php. | 8.5 |
| 2007-03-20 | CVE-2006-7172 | SQL-Injection vulnerability in PHP-Stats Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter. | 7.5 |
| 2006-03-09 | CVE-2006-1084 | Input Validation and Information Disclosure vulnerability in PHP-Stats Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php. | 7.5 |
| 2006-03-09 | CVE-2006-1083 | Input Validation and Information Disclosure vulnerability in PHP-Stats Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. | 7.5 |