PHP Web Statistik stat.php lastnumber Variable Resource Consumption DoS
Remote / Network Access
Denial of Service
Loss of Availability
PHP Web Statistik contains a flaw that may allow a remote denial of service. The issue is triggered when the 'lastnumber' parameter in the 'stat.php' script isn't properly validated before being used in an loop statement, and will result in loss of availability for the service.
Upgrade to version 1.4a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.