CVE-2007-2167 Information

Description

Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action.

Reference

http://secunia.com/advisories/24955 http://www.securityfocus.com/bid/23573 http://www.vupen.com/english/advisories/2007/1447 http://www.x-pose.org/aimstats.php https://exchange.xforce.ibmcloud.com/vulnerabilities/33742 https://www.exploit-db.com/exploits/3762