VULHUB ™

The web interface for Statistics Server contains an unchecked buffer which accepts input from the "Server ID" field of the login webpage. While the login webpage has a 16 character restriction, this is easily circumventible by editing the HTML to remove the restriction. Entering a string of more than 3773 characters will crash the server. This bug could potentially be used to remotely execute arbitrary code.

The web interface for Statistics Server contains an unchecked buffer which accepts input from the "Server ID" field of the login webpage. While the login webpage has a 16 character restriction, this is easily circumventible by editing the HTML to remove the restriction. Entering a string of more than 3773 characters will crash the server. This bug could potentially be used to remotely execute arbitrary code.