CVE-2006-1234
DSCounter 1.2 contains a SQL Injection via the X-Forwarded-For header (HTTP_X_FORWARDED_FOR) when magic_quotes_gpc is disabled. The vulnerable script is index.php; attacker can inject arbitrary SQL to the query, enabling remote exploitation. Exploitation information is provided (PoC/Exploit avail...