|
Description
|
|
Multiple vulnerabilities were identified in PHP Web Statistik, which could be exploited by malicious users to conduct cross site scripting and denial of service attacks, or gain knowledge of sensitive information.
The first issue is due to an input validation error in the "stat.php" script when processing specially crafted "lastnumber" and "referer" variables, which could be exploited by malicious users to conduct cross site scripting attacks.
The second flaw is due to a design error where the configuration (stat.cfg) and log (logdb.dta) files are publicly accessible, which could be exploited by remote attackers to disclose sensitive information.
The third vulnerability is due to an error in the "stat.php" file when processing a large "lastnumber" value, which could be exploited by attackers to cause a denial of service.
|
