CVE-2008-3241

EUVD-2008-3229
SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
ultrastatsultrastats
0.2.136
ultrastatsultrastats
0.2.140
ultrastatsultrastats
0.2.142
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securityreason.com/securityalert/4021
http://www.securityfocus.com/bid/30212
http://www.shooter-szene.de/PNphpBB2-viewtopic-t-12730.phtml
https://exchange.xforce.ibmcloud.com/vulnerabilities/43760
https://www.exploit-db.com/exploits/6067
http://securityreason.com/securityalert/4021
http://www.securityfocus.com/bid/30212
http://www.shooter-szene.de/PNphpBB2-viewtopic-t-12730.phtml
https://exchange.xforce.ibmcloud.com/vulnerabilities/43760
https://www.exploit-db.com/exploits/6067