CVE-2008-0939
The WP Photo Album (WPPA) WordPress plugin (before 1.1) contains multiple SQL injection flaws in wppa.php. The issues arise from unsafely handling the photo parameter (wppa_photo_name) and the album parameter (wppa_album_name) in index.php, allowing remote attackers to execute arbitrary SQL comma...