Vulnerability Details CVE-2011-2151
The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 81.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.kb.cert.org/vuls/id/240150
- http://www.kb.cert.org/vuls/id/MORO-8GYQR4
- http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html
- http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67831
- http://www.kb.cert.org/vuls/id/240150
- http://www.kb.cert.org/vuls/id/MORO-8GYQR4
- http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html
- http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67831
Products affected by CVE-2011-2151
-
cpe:2.3:a:smartertools:smarterstats:6.0