CVE-2006-3064

Name of the Vulnerable Software and Affected Versions Coppermine Photo Gallery version 1.4.8

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possible when the "Keep detailed hit statistics" option is enabled, and the attack is conducted via the referer and user-agent HTTP headers.

Recommendations For Coppermine Photo Gallery version 1.4.8, consider disabling the "Keep detailed hit statistics" option as a temporary workaround until a patch is available. Restrict access to the add hit function in include/function.inc.php to minimize the risk of exploitation. Avoid using the referer and user-agent HTTP headers in the affected function until the issue is resolved.