cpe:/a:clausvb:dl_stats:1.2 CVE-2010-1498 2010-04-23T10:30:01.527-04:00 2017-08-16T21:32:23.273-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-04-26T15:30:00.000-04:00 EXPLOIT-DB 12280 SECUNIA 39496 BID 39592 OSVDB 63907 OSVDB 63908 VUPEN ADV-2010-0939 XF dlstats-id-sql-injection(57917) MISC http://packetstormsecurity.org/1004-exploits/dlstats-sqlxssadmin.txt MISC http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/ MISC http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php.