Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, (3) the ctl00%24MPH%24txtSmarterLogDirectory parameter, (4) the ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 parameter, (5) the ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingText parameter, or (6) the ctl00_MPH_grdLogLocations_HiddenLSR parameter, related to an "OS command injection" issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SmarterTools SmarterStats web server operating system command injection vulnerability
Vulnerability Description
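SmarterStats is a program, accessible through a web browser, that helps webmasters track website visitors and can generate more than 135 tracking reports. Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server contains an operating system command injection vulnerability. Remote attackers can execute arbitrary commands via certain vectors. These vectors involve a trailing & (ampersand) character, the STTTState cookie, the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, the ctl00%24MPH%24txtSm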
CVSS Information
N/A
Vulnerability Type
N/A