Vulnerabilities > Ktools > Photostore > 3.5.2

DATE CVE VULNERABILITY TITLE RISK
2009-04-07 CVE-2008-6649 SQL Injection vulnerability in Ktools Photostore
SQL injection vulnerability in manager/image_details_editor.php in Ktools PhotoStore 2.5, 2.9.8, 3.1.0, and other versions through 3.5.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
ktools CWE-89
7.5
7.5
2009-04-07 CVE-2008-6648 SQL Injection vulnerability in Ktools Photostore 3.4.3/3.5.2
SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php.
network
low complexity
ktools CWE-89
7.5
7.5