Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| phpbb_group | phpbb | 2.0.11 |
| phpbb_group | phpbb | 2.0.2 |
| phpbb_group | phpbb | 2.0.3 |
| smartor | photo_album | 2.0.53 |
| phpbb_group | phpbb | 2.0.7a |
| phpbb_group | phpbb | 2.0.8a |
| phpbb_group | phpbb | 2.0.6 |
| phpbb_group | phpbb | 2.0.4 |
| phpbb_group | phpbb | 2.0.7 |
| phpbb_group | phpbb | 2.0.8 |
| phpbb_group | phpbb | 2.0.1 |
| phpbb_group | phpbb | 2.0.10 |
| phpbb_group | phpbb | 2.0.13 |
| phpbb_group | phpbb | 2.0.6d |
| phpbb_group | phpbb | 2.0.9 |
| phpbb_group | phpbb | 2.0.0 |
| phpbb_group | phpbb | 2.0.12 |
| phpbb_group | phpbb | 2.0.5 |
| phpbb_group | phpbb | 2.0.6c |
Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| phpbb_group | phpbb | 2.0.11 |
| phpbb_group | phpbb | 2.0.2 |
| phpbb_group | phpbb | 2.0.3 |
| smartor | photo_album | 2.0.53 |
| phpbb_group | phpbb | 2.0.7a |
| phpbb_group | phpbb | 2.0.8a |
| phpbb_group | phpbb | 2.0.6 |
| phpbb_group | phpbb | 2.0.4 |
| phpbb_group | phpbb | 2.0.7 |
| phpbb_group | phpbb | 2.0.8 |
| phpbb_group | phpbb | 2.0.1 |
| phpbb_group | phpbb | 2.0.10 |
| phpbb_group | phpbb | 2.0.13 |
| phpbb_group | phpbb | 2.0.6d |
| phpbb_group | phpbb | 2.0.9 |
| phpbb_group | phpbb | 2.0.0 |
| phpbb_group | phpbb | 2.0.12 |
| phpbb_group | phpbb | 2.0.5 |
| phpbb_group | phpbb | 2.0.6c |