CVE-2008-2501

critical

Description

Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.

References

https://www.exploit-db.com/exploits/5683

https://exchange.xforce.ibmcloud.com/vulnerabilities/42670

http://secunia.com/advisories/30407

Details

Source: Mitre, NVD

Published: 2008-05-29

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00162