SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote malicious users to execute arbitrary SQL commands via the gid parameter.
ktools photostore 3.4.3