CVE-2008-6647

Ktools Photostore - SQL Injection

Title source: rule

Description

SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Mr.SQL · textwebappsphp

https://www.exploit-db.com/exploits/5580

View Code ZIP pw:eip

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/5582

View on exploitdb

References (5)

[Vendor Advisory] http://secunia.com/advisories/30194

[Exploit] http://www.securityfocus.com/bid/29132

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42318

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5580

[Third Party Advisory, VDB Entry] http://osvdb.org/45140

Scores

EPSS 0.0055

EPSS Percentile 67.7%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

ktools/photostore

Timeline

Published Apr 07, 2009

Tracked Since Feb 18, 2026