CVE-2006-3184

Medium

4/10

Summary

Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: SINGLE
Integrity Impact: PARTIAL
Confidentiality Impact: NONE
Availability Impact: NONE

References

Advisory Timeline

Published Jun 23, 2006

CVE-2006-3184

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS