SQL injection vulnerability in album.asp in KAPhotoservice allows remote malicious users to execute arbitrary SQL commands via the albumid parameter.
kaphotoservice kaphotoservice