CVSSv3: 9.8

CVE-2016-4337

Published: 12/04/2017 Updated: 21/11/2024

Vulnerability Summary

SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore prior to 4.7.5 allows remote malicious users to execute arbitrary SQL commands via the email parameter in a recover_login action.

Vulnerable Product

ktools photostore

Exploits

Title : Ktools Photostore <= 4.7.5 (Pre-Authentication) Blind SQL Injection
CVE-ID : CVE-2016-4337
Google Dork: inurl:mgrloginphp
Product : Photostore
Affected : Versions prior to 4.7.5
Impact : Critical
Remote : Yes
Website link: www.ktools.net
Reported : 02/06/2016
Authors : Gal Goldshtein and Viktor ...
Ktools Photostore versions 4.7.5 and below suffer from a remote blind SQL injection vulnerability ...