CVE-2008-3788

2008-08-26T14:41:00
ID CVE-2008-3788
Type cve
Reporter cve@mitre.org
Modified 2017-09-29T01:31:00

Description

Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php.