Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| clausvb | dl_stats | 1.2 |
Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| clausvb | dl_stats | * |