Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6649

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6649
Last Modified 08 Sep 2013 01:43:45
Published 07 Apr 2009 10:17:17
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6649

Summary

SQL injection vulnerability in manager/image_details_editor.php in Ktools PhotoStore 2.5, 2.9.8, 3.1.0, and other versions through 3.5.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Vulnerable Systems

Application

  • Ktools Photostore 2.5

  • Ktools Photostore 2.9.8

  • Ktools Photostore 3.1.0

  • Ktools Photostore 3.1.1

  • Ktools Photostore 3.2

  • Ktools Photostore 3.2.1

  • Ktools Photostore 3.4

  • Ktools Photostore 3.4.2

  • Ktools Photostore 3.4.3

  • Ktools Photostore 3.5

  • Ktools Photostore 3.5.1

  • Ktools Photostore 3.5.2


References

XF - photostore-imagedetails-sql-injection(42408)

BID - 29136

MILW0RM - 5582

SECUNIA - 30194

OSVDB - 45142


Last Updated: 27 May 2016 10:49:16