CVE-2006-3184
Summary
Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp.
- LOW
- NETWORK
- SINGLE
- PARTIAL
- NONE
- NONE
References
Advisory Timeline
- Published