SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote malicious users to execute arbitrary SQL commands via the album parameter.
tcwonline tcw php album 1.0