Design/Logic Flaw

modules/banners/funcs/click.php in NukeViet before 4.3.04 has a SQL INSERT statement with raw header data from an HTTP request e.g., Referer and User-Agent...