Vulnerability Details CVE-2006-7173
Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.059
EPSS Ranking 90.2%
CVSS Severity
CVSS v2 Score 10.0
References