CVE-2008-0843
StatCounteX 3.0 and 3.1 - Unauthenticated Sensitive Information Disclosure and Configuration Manipulation via admin.asp
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-0843. PoCs published by Phenom.
AI-analyzed exploit summary This is a writeup describing two vulnerabilities in StatCounteX 3.1: database disclosure via direct access to 'stats.mdb' and unauthenticated admin access via 'admin.asp'. No exploit code is provided.
Description
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Phenom · textwebappsphp
https://www.exploit-db.com/exploits/11434
This is a writeup describing two vulnerabilities in StatCounteX 3.1: database disclosure via direct access to 'stats.mdb' and unauthenticated admin access via 'admin.asp'. No exploit code is provided.
Classification
Writeup 100%
Attack Type
Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
StatCounteX 3.1
No auth needed
Prerequisites:
network access to the target web server
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488200/100/0/threaded
Exploit third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3675
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27814
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28984
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/1002-exploits/statcountex-disclose.txt
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/11434
Scores
EPSS
0.0255
EPSS Percentile
83.0%
Details
CWE
CWE-264
Status
published
Products (2)
statcountex/statcountex
3.0
statcountex/statcountex
3.1
Published
Feb 20, 2008
Tracked Since
Feb 18, 2026