Information Disclosure in SmarterStats 6.0 by SmarterTools
CVE-2011-2157

Currently unrated

Key Information:

Vendor: Smartertools
Status: Smarterstats
Vendor: CVE Published:; 20 May 2011

What is CVE-2011-2157?

The SmarterStats 6.0 web server by SmarterTools contains a vulnerability in the Admin components (frmEmailReportSettings.aspx and frmGeneralSettings.aspx), which unintentionally expose email addresses in the generated web pages. This flaw allows remote attackers to retrieve potentially sensitive information by accessing the default values of form fields, thereby compromising the privacy of users.

References

http://xss.cx/examples/smarterstats-60-oscommandinjection...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/67825

vdb-entryx_refsource_XF

http://www.kb.cert.org/vuls/id/MORO-8GYQR4

x_refsource_MISC

Timeline

Vulnerability published
May 20, 2011
Vulnerability Reserved
May 20, 2011

Smartertools

What is CVE-2011-2157?

References

Timeline