SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647.

SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter.