CVE-2008-0939

Name of the Vulnerable Software and Affected Versions WP Photo Album (WPPA) plugin for WordPress versions prior to 1.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the photo parameter to index.php, which is used by the wppa photo name function, or the album parameter to index.php, used by the wppa album name function.

Recommendations For WP Photo Album (WPPA) plugin for WordPress versions prior to 1.1, update to version 1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the wppa photo name and wppa album name functions until a patch is available. Avoid using the photo and album parameters in the affected index.php endpoint until the issue is resolved.