CVE-2007-2167

AimStats 3.2 - Code Injection

Title source: llm

Description

Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dj7xpl · htmlwebappsphp

https://www.exploit-db.com/exploits/3762

View Code ZIP pw:eip

References (6)

[Various Sources] http://www.x-pose.org/aimstats.php

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33742

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23573

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1447

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3762

[Third Party Advisory] http://secunia.com/advisories/24955

Scores

EPSS 0.0486

EPSS Percentile 89.6%

Details

Status published

Products (1)

aimstats/aimstats 3.2

Published Apr 22, 2007

Tracked Since Feb 18, 2026