CVE-2010-1497

dl_stats < 2.0 - Cross-Site Scripting via id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1497. PoCs published by Valentin Hoebel.

AI-analyzed exploit summary This is a vulnerability writeup detailing multiple issues in dl_stats, including SQL injection, XSS, and an unprotected admin backend. It provides example URIs for exploitation but does not include functional exploit code.

Description

Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Valentin Hoebel · textwebappsphp
https://www.exploit-db.com/exploits/12280

This is a vulnerability writeup detailing multiple issues in dl_stats, including SQL injection, XSS, and an unprotected admin backend. It provides example URIs for exploitation but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Xss | Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: dl_stats > 2.0
No auth needed
Prerequisites: Access to vulnerable dl_stats installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39592
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0939
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/63909
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/12280
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57918
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39496

Scores

EPSS 0.0238
EPSS Percentile 81.7%

Details

CWE
CWE-79
Status published
Products (1)
clausvb/dl_stats 1.2
Published Apr 23, 2010
Tracked Since Feb 18, 2026