CVE-2006-7173

PHP-Stats <0.1.9.1b - Code Injection

Title source: llm

Description

Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/3502

References (3)

Scores

EPSS 0.0830
EPSS Percentile 92.3%

Details

Status published
Products (1)
php-stats/php-stats < 0.1.9.1b
Published Mar 20, 2007
Tracked Since Feb 18, 2026