SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote malicious users to execute arbitrary SQL commands via the id parameter.
web-album webalbum 2.4b