CVE-2008-2817
NiTrO Web Gallery 1.4.3 and earlier contains a SQL injection in albums.php (CatId parameter in a show action) that allows remote attackers to execute arbitrary SQL commands. The issue arises from inadequate sanitization of CatId, enabling potentially unauthorized data access or manipulation. No r...