cpe:/a:ultrastats:ultrastats:0.2.136 cpe:/a:ultrastats:ultrastats:0.2.140 cpe:/a:ultrastats:ultrastats:0.2.142 CVE-2008-3241 2008-07-21T12:41:00.000-04:00 2017-09-28T21:31:35.740-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-07-22T09:10:00.000-04:00 ALLOWS_OTHER_ACCESS BID 30212 SREASON 4021 EXPLOIT-DB 6067 CONFIRM http://www.shooter-szene.de/PNphpBB2-viewtopic-t-12730.phtml XF ultrastats-playersdetail-sql-injection(43760) SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.