Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file.
[
{
"product": "Zenphoto",
"vendor": "Zenphoto",
"versions": [
{
"status": "affected",
"version": "versions prior to 1.5.7"
}
]
}
]