Description
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by cOndemned · textwebappsphp
https://www.exploit-db.com/exploits/5683
References (3)
Core 3
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30407
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42670
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/5683
Scores
EPSS
0.0056
EPSS Percentile
68.3%
Details
CWE
CWE-89
Status
published
Products (1)
henning_stoverud/phphotoalbum
0.5
Published
May 29, 2008
Tracked Since
Feb 18, 2026