CVE-2008-0939

CVE Database · CVE-2008-0939

CVE-2008-0939

· N/AModified

CVSS v3.1

N/A

EPSS

4.25%

Published

Feb 25, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBWordPress Plugin Photo album - SQL Injection TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.

Weaknesses (CWE)

CWE-89

Affected Products (1)

wordpress · photo_album_pluginvulnerable

References (18)

http://me.mywebsight.ws/web/wppa/

http://secunia.com/advisories/28988

Vendor Advisory

http://securityreason.com/securityalert/3693

http://weblogtoolscollection.com/archives/2008/02/21/photo-album-plugin-vulnerabilities/

http://www.securityfocus.com/archive/1/488290

Exploit