CVE-2006-1084

Name of the Vulnerable Software and Affected Versions PHP-Stats versions 0.1.9.1 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the option[prefix] parameter in admin.php and other unspecified PHP scripts, as well as the PC REMOTE ADDR HTTP header to click.php.

Recommendations For PHP-Stats versions 0.1.9.1 and earlier, consider restricting access to the admin.php and click.php scripts until a fix is available. As a temporary workaround, avoid using the option[prefix] parameter and restrict the PC REMOTE ADDR HTTP header to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.