Zenphoto : Security Vulnerabilities, CVEs, Published In 2010
SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.13%
Published
2010-01-04
Updated
2017-08-17
SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.
Max CVSS
6.8
EPSS Score
0.11%
Published
2010-01-04
Updated
2017-09-19
Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action.
Max CVSS
4.3
EPSS Score
0.26%
Published
2010-01-04
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-01-04
Updated
2017-09-19
4 vulnerabilities found