Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6648

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6648
Last Modified 07 Mar 2011 10:16:40
Published 07 Apr 2009 10:17:17
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6648

Summary

SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647.

Vulnerable Systems

Application

  • Ktools Photostore 3.4.3

  • Ktools Photostore 3.5.2


References

XF - photostore-aboutus-sql-injection(42317)

XF - photostore-crumbs-sql-injection(42317)

BID - 29136

MILW0RM - 5582

SECUNIA - 30194

OSVDB - 45141


Last Updated: 27 May 2016 10:49:16