x_stat_admin.php in x-stat 2.3 and earlier allows remote...
Moderate severity
Unreviewed
Published
Apr 30, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Dec 31, 2002
Published to the GitHub Advisory Database
Apr 30, 2022
Last updated
Jan 30, 2023
x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to (1) execute PHP commands such as phpinfo or (2) obtain the full path of the web server via an invalid action parameter, which leaks the pathname in an error message.
References