Content-Type Header Misconfiguration in SmarterStats by SmarterTools
CVE-2011-4752

Currently unrated

Key Information:

Vendor: Smartertools
Status: Smarterstats
Vendor: CVE Published:; 16 December 2011

🔔 Create Smartertools Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2011-4752?

SmarterTools SmarterStats version 6.2.4100 has a vulnerability related to improper management of Content-Type headers for specific resources. This misconfiguration can permit remote attackers to exploit interpretation conflicts, particularly concerning the frmCustomReport.aspx file and other related assets. Consequently, this may impact client interactions, potentially exposing sensitive data and leading to unauthorized actions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2011-4752 - Proof of Concept

References

http://xss.cx/examples/exploits/stored-reflected-xss-cwe7...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/72204

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 16, 2011
👾
Exploit known to exist
Dec 16, 2011
Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011

CVE-2011-4752 Data

JSON