CVE-2008-0288

Name of the Vulnerable Software and Affected Versions ImageAlbum version 2.0.0b2

Description The issue allows remote attackers to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities. This is caused by improper handling of the id parameter in various classes, including (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php. An example of exploitation is via the id parameter in a "collection.imageview" action.

Recommendations For ImageAlbum version 2.0.0b2, consider restricting access to the id parameter in the affected classes until a patch is available. As a temporary workaround, avoid using the id parameter in sensitive actions, such as collection.imageview, to minimize the risk of exploitation.