CVE-2010-0674

StatCounteX 3.1 - Unauthenticated Sensitive Information Exposure via Direct Database Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0674. PoCs published by Phenom.

AI-analyzed exploit summary This is a writeup describing two vulnerabilities in StatCounteX 3.1: database disclosure via direct access to 'stats.mdb' and unauthenticated admin access via 'admin.asp'. No exploit code is provided.

Description

StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Phenom · textwebappsphp

https://www.exploit-db.com/exploits/11434

View Code ZIP pw:eip

This is a writeup describing two vulnerabilities in StatCounteX 3.1: database disclosure via direct access to 'stats.mdb' and unauthenticated admin access via 'admin.asp'. No exploit code is provided.

Classification

Writeup 100%

Attack Type

Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: StatCounteX 3.1

No auth needed

Prerequisites: network access to the target web server

MITRE ATT&CK

T1592 - Gather Victim Host Information T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/1002-exploits/statcountex-disclose.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/56264

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/11434

Scores

EPSS 0.0244

EPSS Percentile 82.2%

Details

CWE

CWE-264

Status published

Products (1)

2enetworx/statcountex 3.1

Published Feb 22, 2010

Tracked Since Feb 18, 2026