Romain Le Guen

Name of the Vulnerable Software and Affected Versions: 2Bgal versions 2.4 through 2.5.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id album` parameter in the "disp album.php" and possibly the "disp img.php" files. Recommendations: For versions 2.4 through 2.5.1, consider restricting access to the `disp album.php` and `disp img.php` files until a patch is available. Avoid using the `id album` parameter in the affected API endpoints until the issue is resolved.