CVE-2007-1026
CVE-2007-1026 is a SQL injection in XLAtunes prior to or including 0.1, exploitable via the album parameter in view mode. The underlying issue is improper handling of user-supplied input in view.php, allowing remote attackers to craft arbitrary SQL commands (injections) with network access. The p...