Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html.
References
Link | Resource |
---|---|
http://secunia.com/advisories/35049 | Vendor Advisory |
http://www.securityfocus.com/archive/1/503493 | Exploit |
http://www.securityfocus.com/bid/34967 | Exploit |
https://www.exploit-db.com/exploits/8679 |
Configurations
History
No history.
Information
Published : 2009-05-16 18:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-1650
Mitre link : CVE-2009-1650
CVE.ORG link : CVE-2009-1650
JSON object : View
Products Affected
tenfourzero
- shutter
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')