CVE-2006-6780

HLstats <1.34 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Michael Brooks · phpwebappsphp

https://www.exploit-db.com/exploits/3002

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://secunia.com/advisories/23505

[Exploit] http://www.securityfocus.com/bid/21740

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/5183

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/455305/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3002

[Third Party Advisory] http://securityreason.com/securityalert/2064

Scores

EPSS 0.0173

EPSS Percentile 82.5%

Details

Status published

Products (2)

hlstats/hlstats 1.20

hlstats/hlstats 1.34

Published Dec 28, 2006

Tracked Since Feb 18, 2026