2 matches found
CVE-2008-6648
SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to aboutus.php. NOTE: this might be the same issue as CVE-2008-6647...
CVE-2008-6648
CVE-2008-6648 describes a remote SQL injection in the Ktools PhotoStore web app. The vulnerability exists in the file crumbs.php (versions 3.4.3 and 3.5.2) and is exploitable via the query parameter gid to about_us.php . It may be related to CVE-2008-6647. The impact is the potential execution of...