CVE-2008-0939
WP Photo Album Plus <= 1.1 - SQL Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
Múltiples vulnerabilidades de inyección SQL en el plugin wppa.php de WP Photo Album (WPPA) antes de 1.1 para WordPress permiten a atacantes remotos ejecutar comandos SQL de su elección a través de 1) el parámetro photo a index.php, utilizado por la función wppa_photo_name; o (2) el parámetro album a index.php, utilizado por la función wppa_album_name.
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-02-25 CVE Reserved
- 2008-02-25 CVE Published
- 2024-04-08 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://me.mywebsight.ws/web/wppa | X_refsource_confirm | |
| http://securityreason.com/securityalert/3693 | Third Party Advisory | |
| http://weblogtoolscollection.com/archives/2008/02/21/photo-album-plugin-vulnerabilities | X_refsource_misc | |
| http://www.vupen.com/english/advisories/2008/0586 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/40599 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/5135 | 2024-08-07 | |
| http://www.securityfocus.com/archive/1/488290 | 2024-08-07 | |
| http://www.securityfocus.com/bid/27832 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/28988 | 2017-09-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wordpress Search vendor "Wordpress" | Photo Album Plugin Search vendor "Wordpress" for product "Photo Album Plugin" | 1.1 Search vendor "Wordpress" for product "Photo Album Plugin" and version "1.1" | - |
Affected
| ||||||