CVE-2006-3184

Name of the Vulnerable Software and Affected Versions ASP Stats Generator versions prior to 2.1.2

Description A direct static code injection issue allows remote authenticated attackers to execute arbitrary ASP code. This is achieved via the strAsgSknPageBgColour parameter to the "settings skin.asp" endpoint, with the malicious code being stored in "inc skin file.asp".

Recommendations For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "settings skin.asp" endpoint and avoid using the strAsgSknPageBgColour parameter until the issue is resolved.