Photocrati Theme 4.x.x – SQL Injection | CVE 2015-2216

Affects Themes

photocrati-theme

No known fix

photocrati-theme-v4

No known fix

References

CVE

CVE-2015-2216

Exploitdb

36242

URL

https://packetstormsecurity.com/files/#130595/

URL

http://www.photocrati.com

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

858ed4bc-305a-4fca-a69d-2122c4c5a9b7

Timeline

Publicly Published

2015-03-02 (about 11 years ago)

Added

2015-03-02 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2026-02-23

Title

Eagle Booking <= 1.3.4.3 - Authenticated (Subscriber+) SQL Injection

Published

2025-03-27

Title

Newsletters < 4.9.9.8 - Authenticated (Administrator+) SQL Injection

Published

2024-02-27

Title

Conversios < 7.0.8 - Subscriber+ SQL Injection

Published

2017-10-10

Title

Simple Login Log < 1.1.2 - Authenticated SQL Injection

Published

2024-10-14

Title

Ajax Rating with Custom Login <= 1.1 - Unauthenticated SQL Injection