4 matches found
EUVD-2016-5337
Malware in sbrugna...
Sql injection
SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recoverlogin action...
CVE-2016-4337
CVE-2016-4337 affects Ktools Photostore prior to 4.7.5. The vulnerability is a SQL injection in the admin password-recovery flow (mgr.login.php, recover_login action) that allows remote attackers to execute arbitrary SQL via the email parameter. Publicly documented as a pre-authentication, blind ...
CVE-2006-5057
CVE-2006-5057 describes multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore . The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the parameters gid (in details.php) or photogid (in view_photog.php). Publicly cited sources corroborate XSS...