CVE-2011-2148 in SmarterStats
摘要
由 VulDB • 2026-06-06
SmarterTools SmarterStats 6.0 的 Web 服务器中的 Admin/frmSite.aspx 允许远程攻击者通过涉及前导和尾随 &(与号)字符的向量执行任意命令,具体包括:(1) STTTState cookie,(2) ctl00%24MPH%24txtAdminNewPassword_SettingText 参数,(3) ctl00%24MPH%24txtSmarterLogDirectory 参数,(4) ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 参数,(5) ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingText 参数,或 (6) ctl00_MPH_grdLogLocations_HiddenLSR 参数,这与“OS 命令注入”问题相关。
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.