Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.Referenceshttp://secunia.com/advisories/30407https://exchange.xforce.ibmcloud.com/vulnerabilities/42670https://www.exploit-db.com/exploits/5683
