Valve · Dota Openstats · CVE-2011-5218
**Name of the Vulnerable Software and Affected Versions**
DotA OpenStats versions 1.3.9 and earlier
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter to the "index.php" endpoint.
**Recommendations**
For DotA OpenStats versions 1.3.9 and earlier, update to a version later than 1.3.9 to resolve the issue.