CVE-2008-2501
PHPhotoalbum 0.5 - SQL Injection via Album or PID Parameter
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2008-2501. PoCs published by Stack, cOndemned.
AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in PHPhotoalbum's thumbnails.php, allowing an attacker to extract sensitive information such as user credentials and file contents via UNION-based SQLi.
Description
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
Exploits (2)
This exploit demonstrates a SQL injection vulnerability in PHPhotoalbum's thumbnails.php, allowing an attacker to extract sensitive information such as user credentials and file contents via UNION-based SQLi.
This exploit demonstrates SQL injection vulnerabilities in PHPhotoalbum v0.5 by injecting malicious SQL queries into the 'album' and 'pid' parameters, leading to information disclosure such as database version, user, and current database name.