CVE-2009-4980

Name of the Vulnerable Software and Affected Versions Photokorn Gallery versions 1.81 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the where[] parameter to the "search.php" endpoint and the qc parameter to the "admin.php" endpoint.

Recommendations For Photokorn Gallery versions 1.81 and earlier, avoid using the where[] parameter in the "search.php" endpoint and the qc parameter in the "admin.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "search.php" and "admin.php" endpoints to minimize the risk of exploitation.