SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote malicious users to execute arbitrary SQL commands via the AlbumId parameter.
rafal kucharski rtwebalbum 1.0.462