Vulnerability Description
Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Asp Stats Generator | Asp Stats Generator | <= 2.1.1 |
References
- http://blog.asp-stats.com/index.php/2006/06/18/asp-stats-generator-v212/
- http://secunia.com/advisories/20721Vendor Advisory
- http://www.hamid.ir/security/aspstats.txt
- http://www.vupen.com/english/advisories/2006/2414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27284
- https://www.exploit-db.com/exploits/1931
- http://blog.asp-stats.com/index.php/2006/06/18/asp-stats-generator-v212/
- http://secunia.com/advisories/20721Vendor Advisory
- http://www.hamid.ir/security/aspstats.txt
- http://www.vupen.com/english/advisories/2006/2414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27284
- https://www.exploit-db.com/exploits/1931
FAQ
What is CVE-2006-3184?
CVE-2006-3184 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_s...
How severe is CVE-2006-3184?
CVE-2006-3184 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3184?
Check the references section above for vendor advisories and patch information. Affected products include: Asp Stats Generator Asp Stats Generator.