← Voltar para CVEs
CVE-2008-0939
N/ADescricao
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado2/25/2008
Ultima modificacao4/23/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
wordpress:photo_album_plugin
Fraquezas (CWE)
CWE-89
Referencias
http://me.mywebsight.ws/web/wppa/(cve@mitre.org)
http://secunia.com/advisories/28988(cve@mitre.org)
http://securityreason.com/securityalert/3693(cve@mitre.org)
http://weblogtoolscollection.com/archives/2008/02/21/photo-album-plugin-vulnerabilities/(cve@mitre.org)
http://www.securityfocus.com/archive/1/488290(cve@mitre.org)
http://www.securityfocus.com/bid/27832(cve@mitre.org)
http://www.vupen.com/english/advisories/2008/0586(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/40599(cve@mitre.org)
https://www.exploit-db.com/exploits/5135(cve@mitre.org)
http://me.mywebsight.ws/web/wppa/(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28988(af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/3693(af854a3a-2127-422b-91ae-364da2661108)
http://weblogtoolscollection.com/archives/2008/02/21/photo-album-plugin-vulnerabilities/(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/488290(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/27832(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0586(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/40599(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/5135(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.