A vulnerability was found in CNStats 2.12. It has been rated as critical. This issue affects an unknown functionality of the file who_r.php of the component htaccess. The manipulation of the argument bn with an unknown input leads to a file inclusion vulnerability. Using CWE to declare the problem leads to CWE-73. The product allows user input to control or influence paths or file names that are used in filesystem operations. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

The weakness was presented 04/18/2007 (Website). The advisory is shared at secunia.com. The identification of this vulnerability is CVE-2007-2087 since 04/17/2007. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are known, but no exploit is available.

By approaching the search of inurl:who_r.php it is possible to find vulnerable targets with Google Hacking.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at X-Force (33977). See 36232 for similar entry.

Productinfo

Name

• CNStats

Version

• 2.12

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion