>> Coppermine Photo Gallery "add_hit()" Function Remote SQL Injection Vulnerability
Title : Coppermine Photo Gallery "add_hit()" Function Remote SQL Injection Vulnerability VUPEN ID : VUPEN/ADV-2006-2317 CVE ID : CVE-2006-3064
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-06-13
Technical Description
A vulnerability has been identified in Coppermine Photo Gallery, which may be exploited by attackers to execute arbitrary SQL commands. This flaw is due to an input validation error in the "add_hit()" function that does not validate the "referer" and "user-agent" HTTP headers before being used in SQL statements (when the "Keep detailed hit statistics" feature is enabled), which could be exploited by malicious people to conduct SQL injection attacks.
