SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/137734/Ktools-Photostore-4.7.5-Blind-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/40046/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2017-04-12T22:00:00
Updated: 2017-04-12T21:57:01
Reserved: 2016-04-27T00:00:00
Link: CVE-2016-4337
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-04-12T22:59:00.367
Modified: 2017-04-19T19:47:34.770
Link: CVE-2016-4337
JSON object: View
Redhat Information
No data.
CWE