Webalbum Security Vulnerabilities

CVE-2009-0446

SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id...

CVE-2008-2698

Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the "add comment" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category...

CVE-2006-1480

Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2...