CVE-2016-4337

9.8 CRITICAL

📋 TL;DR

This CVE describes a SQL injection vulnerability in Ktools.net Photostore's mgr.login.php file that allows remote attackers to execute arbitrary SQL commands via the email parameter during password recovery. Attackers can potentially access, modify, or delete database content. All Photostore installations before version 4.7.5 are affected.

💻 Affected Systems

Products:
  • Ktools.net Photostore
Versions: All versions before 4.7.5
Operating Systems: Any OS running Photostore (typically Linux/Windows web servers)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface component; requires Photostore to be installed and accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, authentication bypass, remote code execution, and full system takeover.

🟠

Likely Case

Database information disclosure, user credential theft, and potential privilege escalation.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH - Exploitable remotely without authentication via web interface.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts available; exploitation requires sending crafted HTTP requests to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.7.5 and later

Vendor Advisory: Not publicly documented by vendor

Restart Required: No

Instructions:

1. Download Photostore 4.7.5 or later from Ktools.net.
2. Back up the current installation and database.
3. Replace the existing files with the patched version.
4. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Add server-side validation of the email parameter before it is used.

Modify mgr.login.php to validate the email format and escape special characters before the value reaches the database query; parameterized queries are the durable fix.

WAF Rule

Applies to: all

Implement web application firewall rules to block SQL injection patterns.

Add a WAF rule that detects and blocks SQL keywords in the email parameter of recover_login requests.

🧯 If You Can't Patch

  • Block access to /mgr.login.php at network perimeter or web server level
  • Implement strict input validation and parameterized queries in application code

🔍 How to Verify

Check if Vulnerable:

Check Photostore version in admin panel or by examining file headers; versions <4.7.5 are vulnerable

Check Version:

Check Photostore admin dashboard or examine version.php file contents

Verify Fix Applied:

Confirm version is 4.7.5+ and test recover_login functionality with SQL injection test payloads

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in web server logs
  • Multiple failed recover_login attempts with SQL syntax in parameters

Network Indicators:

  • HTTP POST requests to mgr.login.php with SQL keywords in email parameter

SIEM Query:

source="web_logs" AND uri="/mgr.login.php" AND (param="email" AND value CONTAINS "' OR '")
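The log and network indicators above, turned into a small detection script as an added example (not part of the original advisory). It runs over constructed sample log lines in a simplified client/method/path/body format; the endpoint, parameter names and the SQL indicator patterns come from the advisory, while the log format and sample addresses are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample log lines (not from a real deployment); assumed
# format: "client_ip method path request_body".
SAMPLE_LOGS = [
    "203.0.113.5 POST /mgr.login.php action=recover_login&email=alice%40example.com",
    "203.0.113.9 POST /mgr.login.php action=recover_login&email=x%27+OR+%271%27%3D%271",
    "198.51.100.7 POST /mgr.login.php action=recover_login&email=bob%40example.com",
    "198.51.100.7 GET /index.php page=gallery",
    "203.0.113.9 POST /mgr.login.php action=recover_login&email=a%27+UNION+SELECT+1--",
]

# Indicators named in the advisory: a quoted OR tautology, SQL keywords,
# or comment/statement separators where only an e-mail address belongs.
SQLI_PATTERNS = [
    re.compile(r"'\s*or\s*'", re.I),
    re.compile(r"\b(union|select|insert|update|delete|drop)\b", re.I),
    re.compile(r"--|/\*|;"),
]
# Loose local@domain.tld shape: a well-formed address is not flagged even
# if its local part happens to contain a keyword such as "select".
EMAIL_SHAPE = re.compile(r"^[^@\s'\";]+@[^@\s'\";]+\.[^@\s'\";]+$")

def is_suspicious_email(value):
    """True when the decoded email value is malformed AND carries a SQLi indicator."""
    if EMAIL_SHAPE.match(value):
        return False
    return any(p.search(value) for p in SQLI_PATTERNS)

def scan_logs(lines):
    """Return (findings, per-client counts) for recover_login POSTs with SQLi indicators."""
    findings = []
    per_client = Counter()
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) != 4 or parts[1:3] != ["POST", "/mgr.login.php"]:
            continue
        client, body = parts[0], parts[3]
        params = parse_qs(body, keep_blank_values=True)  # decodes %27 and '+'
        if params.get("action", [""])[0] != "recover_login":
            continue
        email = params.get("email", [""])[0]
        if is_suspicious_email(email):
            findings.append((client, email))
            per_client[client] += 1
    return findings, per_client
```

A count above 1 for a single client corresponds to the "multiple failed recover_login attempts" indicator listed above.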
