|
|
>> photokorn Multiple Parameter Handling Remote SQL Injection Vulnerabilities
|
Title : photokorn Multiple Parameter Handling Remote SQL Injection Vulnerabilities
VUPEN ID : VUPEN/ADV-2006-1525
CVE ID : CVE-2006-2040
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-04-26
|
Multiple vulnerabilities have been identified in photokorn, which may be exploited by remote attackers to execute arbitrary SQL commands. These flaws are due to input validation errors in the "index.php", "postcard.php", and "print.php" scripts that do not validate the "cat", "pic", "id", and "page" parameters before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.
Affected Products
photokorn version 1.542 and prior
Solution
Upgrade to version 1.6 :
http://www.telekorn.com/cms/front_content.php
References
http://www.vupen.com/english/advisories/2006/1525
Credits
Vulnerabilities reported by Dr.Jr7
ChangeLog
2006-04-26 : Initial release
2006-11-14 : Updated Solution
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
