Unrated severityNVD Advisory· Published May 16, 2009· Updated Apr 23, 2026

CVE-2009-1650

Description

Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html.

Affected products

Tenfourzero/Shutter
cpe:2.3:a:tenfourzero:shutter:0.1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/archive/1/503493nvdExploit
www.securityfocus.com/bid/34967nvdExploit
secunia.com/advisories/35049nvdVendor Advisory
www.exploit-db.com/exploits/8679nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000