VDB
CVE-2006-3064
CVE-2006-3064
PUBLISHED
CVSS 7.5 HIGH
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.
EPSS 0.60% · 70.0th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
0.60%
70.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| coppermine | coppermine_photo_gallery | 1.4.8 |
| n/a | n/a | n/a |
Timeline
- Jun 19, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- ADV-2006-2317 vdb
- 20060611 [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack mailing-list
- 20597 third-party-advisory
- http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html url
- https://nvd.nist.gov/vuln/detail/CVE-2006-3064 advisory