CVE-2011-2153

Published: May 20, 2011Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue.

Affected (1)

Products: Smartertools: Smarterstats

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Smartertools Smarterstats	Version 6.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://www.kb.cert.org/vuls/id/240150

Source: cve@mitre.org

US Government Resource

http://www.kb.cert.org/vuls/id/MORO-8GYQR4

Source: cve@mitre.org

US Government Resource

http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/67829

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/240150

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.kb.cert.org/vuls/id/MORO-8GYQR4

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/67829

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.