CVE-2008-6647

Ktools Photostore - SQL Injection

Title source: rule

Description

SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Mr.SQL · textwebappsphp

https://www.exploit-db.com/exploits/5580

View Code ZIP pw:eip

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/5582

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://secunia.com/advisories/30194

[Exploit] http://www.securityfocus.com/bid/29132

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42318

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5580

[Third Party Advisory, VDB Entry] http://osvdb.org/45140

Scores

EPSS 0.0062

EPSS Percentile 70.0%

Details

CWE

CWE-89

Status published

Products (1)

ktools/photostore 3.4.3

Published Apr 07, 2009

Tracked Since Feb 18, 2026