psychostats 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk sql injection, and パス処理の欠陥 があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact session compromise、vendor impact data exposure, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2010-10010 | A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.2.2b is able to address this issue. The identifier of the patch is 5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4. It is recommended to upgrade the affected component. The identifier VDB-230265 was ass | [email protected] | 3.5 | 0.49% | 2023-06-01 | 2026-06-16 |
| CVE-2013-3721 | SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter. | [email protected] | 7.5 | 2.22% | 2013-05-31 | 2026-06-16 |
| CVE-2008-6422 | Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php. | [email protected] | 7.5 | 1.15% | 2009-03-06 | 2026-06-16 |
| CVE-2007-2914 | Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files. | [email protected] | 4.3 | 1.53% | 2007-05-30 | 2026-06-16 |
| CVE-2007-2780 | PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message. | [email protected] | 5.0 | 3.02% | 2007-05-21 | 2026-06-16 |
| CVE-2004-1417 | Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter. | [email protected] | 4.3 | 1.93% | 2004-12-31 | 2026-06-16 |