CVE-2008-2501

Henning Stoverud PHPhotoalbum - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by cOndemned · text · webapps · php
https://www.exploit-db.com/exploits/5683
exploitdb WORKING POC VERIFIED
by Stack · text · webapps · php
https://www.exploit-db.com/exploits/10590

Scores

EPSS 0.0056
EPSS Percentile 67.8%

Classification

CWE
CWE-89
Status draft

Affected Products (1)

henning_stoverud/phphotoalbum

Timeline

Published May 29, 2008
Tracked Since Feb 18, 2026