PT-2006-2250 · Dscounter · Dscounter
Aliaksandr Hartsuyeu
·
Published
2006-03-14
·
Updated
2018-10-18
·
CVE-2006-1234
CVSS v2.0
5.1
Medium
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
DSCounter version 1.2
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the
HTTP X FORWARDED FOR environment variable in an HTTP header, specifically the X-Forwarded-For field, when magic quotes gpc is disabled.Recommendations
For DSCounter version 1.2, consider disabling the use of the
HTTP X FORWARDED FOR environment variable until a patch is available, or enable magic quotes gpc to mitigate the risk of SQL injection.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dscounter