CVE-2006-7172

php-stats < 0.1.9.1b - SQL Injection via HTTP Header or IP Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-7172. PoCs published by rgod.

AI-analyzed exploit summary This exploit leverages SQL injection via the HTTP header 'PC-REMOTE-ADDR' in Php-Stats <= 0.1.9.1b to extract the admin password from the database. The payload injects a UNION-based SQL query to retrieve the password from the 'php_stats_config' table.

Description

Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/3496

This exploit leverages SQL injection via the HTTP header 'PC-REMOTE-ADDR' in Php-Stats <= 0.1.9.1b to extract the admin password from the database. The payload injects a UNION-based SQL query to retrieve the password from the 'php_stats_config' table.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Php-Stats <= 0.1.9.1b
No auth needed
Prerequisites: Target must be running Php-Stats <= 0.1.9.1b · Remote SQL injection via HTTP headers must be possible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/3497

This exploit targets a SQL injection vulnerability in Php-Stats <= 0.1.9.1b via the 'ip' parameter, bypassing input validation through urldecode() and ereg() limitations. It discloses the admin password by injecting a UNION-based SQL query.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Php-Stats <= 0.1.9.1b
No auth needed
Prerequisites: 'accept_ssi' option enabled in Php-Stats configuration
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24553
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3496
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/34280
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33031
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1004
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3497

Scores

EPSS 0.0226
EPSS Percentile 80.7%

Details

Status published
Products (1)
php-stats/php-stats < 0.1.9.1b
Published Mar 20, 2007
Tracked Since Feb 18, 2026