Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
picturespro picturespro photo cart 3.9 |