Raw Security

1 exploit Active since Jan 2008
CVE-2008-0288 EXPLOITDB text WORKING POC
ImageAlbum 2.0.0b2 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action.