Ktools.Net · Ktools.Net Photostore · CVE-2016-4337
**Name of the Vulnerable Software and Affected Versions**
Ktools.net Photostore versions prior to 4.7.5
**Description**
The issue is a SQL injection: remote attackers can execute arbitrary SQL commands via the `email` parameter of the "recover login" action in the mgr.login.php file.
**Recommendations**
If you run a version prior to 4.7.5, update to version 4.7.5 or later to resolve the issue. As a temporary workaround, restrict access to the mgr.login.php file or to the recover login action to reduce exposure, and avoid using the `email` parameter in the affected action until the update is applied.
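The pattern behind this class of bug, shown as an added example that is not Ktools.Net Photostore code: a "recover login" lookup that splices the `email` value into the SQL text, next to the same lookup done with a bound parameter, plus the kind of input check a defender can use to reject or alert on values that cannot be an e-mail address. Python with an in-memory SQLite table stands in for the PHP application; the `users` table, its columns and the sample rows are constructed assumptions.

```python
import re
import sqlite3

# Constructed in-memory table standing in for the application's user store.
# Table and column names are assumptions, not the product's schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, login TEXT)")
    conn.executemany(
        "INSERT INTO users (email, login) VALUES (?, ?)",
        [("alice@example.test", "alice"), ("bob@example.test", "bob")],
    )
    return conn

def recover_login_vulnerable(conn, email):
    # Anti-pattern: the untrusted request value becomes part of the SQL text,
    # so a quote character in it changes the query's structure.
    sql = "SELECT login FROM users WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(sql)]

def recover_login_fixed(conn, email):
    # Parameterised query: the driver binds the value as data; it is never
    # parsed as SQL, whatever characters it contains.
    rows = conn.execute("SELECT login FROM users WHERE email = ?", (email,))
    return [row[0] for row in rows]

# Defensive input check (allow-list), usable for rejecting the request or
# for raising an alert in logs before the value reaches the database.
_EMAIL_RE = re.compile(r"^[^@\s'\"]+@[^@\s'\"]+\.[^@\s'\"]+$")

def is_plausible_email(value):
    return bool(_EMAIL_RE.match(value))

if __name__ == "__main__":
    conn = make_db()
    normal = "alice@example.test"
    # Constructed value that would never be a real e-mail address but
    # changes the meaning of the concatenated query above.
    crafted = "' OR '1'='1"
    print("vulnerable, normal input :", recover_login_vulnerable(conn, normal))
    print("vulnerable, crafted input:", recover_login_vulnerable(conn, crafted))
    print("fixed, crafted input     :", recover_login_fixed(conn, crafted))
    print("allow-list accepts       :", is_plausible_email(normal), is_plausible_email(crafted))
```

The bound-parameter form is the actual fix; the allow-list check is a defence-in-depth layer that also gives the operations team a clear signal to alert on while the workaround above is in place.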