Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2008-08-26T14:06:00
Updated: 2024-08-07T09:52:59.877Z
Reserved: 2008-08-26T00:00:00
Link: CVE-2008-3788
Vulnrichment
No data.
NVD
Status : Modified
Published: 2008-08-26T14:41:00.000
Modified: 2024-11-21T00:50:08.053
Link: CVE-2008-3788
Redhat
No data.