Vulnerability Description
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Henning Stoverud | Phphotoalbum | 0.5 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30407Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42670
- https://www.exploit-db.com/exploits/5683
- http://secunia.com/advisories/30407Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42670
- https://www.exploit-db.com/exploits/5683
FAQ
What is CVE-2008-2501?
CVE-2008-2501 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayim...
How severe is CVE-2008-2501?
CVE-2008-2501 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2501?
Check the references section above for vendor advisories and patch information. Affected products include: Henning Stoverud Phphotoalbum.