Lucene search

[email protected]CVE-2012-0993

HistoryFeb 21, 2012 - 1:31 p.m.

CVE-2012-0993

2012-02-2113:31:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2012-0993

eval injection

zenphoto 1.4.2

security vulnerability

remote code execution

nvd

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.6%

JSON

Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie.

CPENameOperatorVersion
zenphoto:zenphotozenphotoeq1.4.2

CPE	Name	Operator	Version
zenphoto:zenphoto	zenphoto	eq	1.4.2

References

archives.neohapsis.com/archives/bugtraq/2012-02/0037.html

secunia.com/advisories/47875

www.securityfocus.com/bid/51916

www.zenphoto.org/news/zenphoto-1.4.2.1

www.zenphoto.org/trac/changeset/8994

www.zenphoto.org/trac/changeset/8995

exchange.xforce.ibmcloud.com/vulnerabilities/73081

www.htbridge.ch/advisory/HTB23070

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2012-0993

dsquare1 nessus2 prion1 cvelist1 packetstorm1 htbridge1 securityvulns2 openvas2