CVE-2008-4335

Atomic Photo Album 1.1.0pre4 - SQL Injection via apa_album_ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-4335. PoCs published by Stack, d3v1l.

Description

SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Stack · php · webapps · php
https://www.exploit-db.com/exploits/6574

This exploit demonstrates a blind SQL injection vulnerability in Atomic Photo Album 1.1.0pre4 by extracting user credentials (nickname and password) via time-based inference. It uses string length comparisons to infer character values from the database.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Atomic Photo Album 1.1.0pre4
No auth needed
Prerequisites: Target URL with vulnerable parameter (apa_album_ID) · Network access to the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by d3v1l · text · webapps · php
https://www.exploit-db.com/exploits/6572

This exploit demonstrates SQL injection and XSS vulnerabilities in Atomic Photo Album 1.1.0pre4. The SQLi extracts database version, name, and user, while the XSS executes arbitrary JavaScript via the apa_album_ID parameter.

Classification: Working PoC 90%
Attack Type: SQLi | XSS
Complexity: Trivial
Reliability: Reliable
Target: Atomic Photo Album 1.1.0pre4
No auth needed
Prerequisites: Access to the vulnerable album.php endpoint
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31409
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2691
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6572
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45433
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6574

Scores

EPSS: 0.0105
EPSS Percentile: 59.8%

Details

CWE: CWE-89
Status: published
Products (1): atomic_photo_album/atomic_photo_album 1.1.0_pre4
Published: Sep 30, 2008
Tracked Since: Feb 18, 2026