CVE-2009-4979 Information

Description

Multiple SQL injection vulnerabilities in search.php in Photokorn Gallery 1.81 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) where[] (2) sort (3) order and (4) Match parameters.

Reference

http://holisticinfosec.org/content/view/120/45/ http://secunia.com/advisories/36150 http://www.securityfocus.com/bid/35966