MEDIUM🇵🇱 Wersja polska

CVE-2008-3788

CVSS 6.8v2.0pub. 2008-08-26upd. 2026-04-23

Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php.

CVSS Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Picturespro Photo Cart

    APP
    Picturespro
    3.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2006-6093HIGH7.5ten sam produkt

Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remot...

CVE-2008-3786MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to...

CVE-2008-1536MEDIUM4.3ten sam produkt

Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows...

CVE-2018-5190CRITICAL9.8ten sam vendor

PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary custom...