Information Disclosure Risk in SmarterStats Web Server by SmarterTools
CVE-2011-2153
Currently unrated
What is CVE-2011-2153?
SmarterStats 6.0 exposes user credentials through the txtUser and txtPass parameters in the query string. Because a query string is recorded as part of the URL, context-dependent attackers can recover the credentials from web-server access logs, from Referer logs, or from the browser's history. This raises the risk of unauthorized access to user accounts.
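To check existing logs for this exposure, the following added example (not SmarterTools code and not part of the original advisory) scans access-log lines for txtUser/txtPass in the request target or the Referer field and redacts the values. It assumes Combined Log Format; the function names, host, paths and credential values in the sample lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SENSITIVE = {"txtuser", "txtpass"}  # parameter names from the CVE text, lowercased
# Combined Log Format (assumed); request target and Referer are captured separately.
LOG_RE = re.compile(r'^(?P<pre>\S+ \S+ \S+ \[[^\]]+\] ")(?P<method>\S+) (?P<target>\S+) '
                    r'(?P<proto>[^"]*)(?P<mid>" \d{3} \S+ ")(?P<referer>[^"]*)(?P<post>" "[^"]*")$')
# Fallback for lines that do not parse: redact by pattern anywhere in the line.
FALLBACK_RE = re.compile(r'\b(txtUser|txtPass)=[^&\s"]*', re.IGNORECASE)

def redact_url(url):
    """Return (url with sensitive query values replaced, whether any were found)."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(k.lower() in SENSITIVE for k, _ in pairs):
        return url, False
    clean = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(clean))), True

def scrub_line(line):
    """Return (scrubbed line, list of log fields that carried credentials)."""
    m = LOG_RE.match(line)
    if not m:
        scrubbed, n = FALLBACK_RE.subn(r"\1=REDACTED", line)
        return scrubbed, (["unparsed"] if n else [])
    target, t_hit = redact_url(m["target"])
    referer, r_hit = redact_url(m["referer"])
    hits = [f for f, hit in (("request", t_hit), ("referer", r_hit)) if hit]
    return (f'{m["pre"]}{m["method"]} {target} {m["proto"]}{m["mid"]}'
            f'{referer}{m["post"]}'), hits

# Constructed sample lines; host, paths and credential values are placeholders.
SAMPLE = [
    '192.0.2.10 - - [10/May/2011:10:00:00 +0000] "GET /example-login?txtUser=alice'
    '&txtPass=S3cret%21 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/May/2011:10:00:02 +0000] "GET /example-report HTTP/1.1" 200 900 '
    '"http://stats.example.test/example-login?txtUser=alice&txtPass=S3cret%21" "Mozilla/5.0"',
    '192.0.2.11 - - [10/May/2011:10:01:00 +0000] "GET /example-report?site=1 '
    'HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Return [(line number, fields hit, scrubbed line)] for lines with credentials."""
    scrubbed = ((n, *scrub_line(l)) for n, l in enumerate(lines, 1))
    return [(n, hits, text) for n, text, hits in scrubbed if hits]

if __name__ == "__main__":
    for n, hits, text in scan(SAMPLE):
        print(n, ",".join(hits), text)
```

Any account whose credentials appear in a hit should have its password changed, since redacting the log does not undo copies already held in proxies, backups or browser history.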