• info
• discussion
• exploit
• solution
• references

PHP-Stats CVE-2006-7173 Remote Security Vulnerability

PHP-Stats is prone to a remote security vulnerability. Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php.