CVE-2011-2148 in SmarterStats信息

摘要

由 VulDB • 2026-06-06

SmarterTools SmarterStats 6.0 的 Web 服务器中的 Admin/frmSite.aspx 允许远程攻击者通过涉及前导和尾随 &(与号)字符的向量执行任意命令,具体包括:(1) STTTState cookie,(2) ctl00%24MPH%24txtAdminNewPassword_SettingText 参数,(3) ctl00%24MPH%24txtSmarterLogDirectory 参数,(4) ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 参数,(5) ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingText 参数,或 (6) ctl00_MPH_grdLogLocations_HiddenLSR 参数,这与“OS 命令注入”问题相关。

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

来源

Do you want to use VulDB in your project?

Use the official API to access entries easily!