CVE-2008-6649

Ktools Photostore - SQL Injection

Title source: rule

Description

SQL injection vulnerability in manager/image_details_editor.php in Ktools PhotoStore 2.5, 2.9.8, 3.1.0, and other versions through 3.5.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by DNX · textwebappsphp

https://www.exploit-db.com/exploits/5582

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Mr.SQL · textwebappsphp

https://www.exploit-db.com/exploits/5580

View Code ZIP pw:eip

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/45142

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5582

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30194

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42408

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29136

Scores

EPSS 0.0023

EPSS Percentile 46.1%

Details

CWE

CWE-89

Status published

Products (12)

ktools/photostore 2.5

ktools/photostore 2.9.8

ktools/photostore 3.1.0

ktools/photostore 3.1.1

ktools/photostore 3.2

ktools/photostore 3.2.1

ktools/photostore 3.4

ktools/photostore 3.4.2

ktools/photostore 3.4.3

ktools/photostore 3.5

... and 2 more

Published Apr 07, 2009

Tracked Since Feb 18, 2026