Vulnerability Description
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Photo Album Plugin | 1.1 |
Related Weaknesses (CWE)
References
- http://me.mywebsight.ws/web/wppa/
- http://secunia.com/advisories/28988Vendor Advisory
- http://securityreason.com/securityalert/3693
- http://weblogtoolscollection.com/archives/2008/02/21/photo-album-plugin-vulnerab
- http://www.securityfocus.com/archive/1/488290Exploit
- http://www.securityfocus.com/bid/27832Exploit
- http://www.vupen.com/english/advisories/2008/0586
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40599
- https://www.exploit-db.com/exploits/5135
- http://me.mywebsight.ws/web/wppa/
- http://secunia.com/advisories/28988Vendor Advisory
- http://securityreason.com/securityalert/3693
- http://weblogtoolscollection.com/archives/2008/02/21/photo-album-plugin-vulnerab
- http://www.securityfocus.com/archive/1/488290Exploit
- http://www.securityfocus.com/bid/27832Exploit
FAQ
What is CVE-2008-0939?
CVE-2008-0939 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to ...
How severe is CVE-2008-0939?
CVE-2008-0939 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0939?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Photo Album Plugin.