CVE-2006-3064
SQL injection vulnerability in the addhit function in include/function.inc.php in Coppermine Photo Gallery CPG 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the 1 referer and 2 user-agent HTTP headers...