Lucene search

4 matches found

Tenable Nessus
added 2012/03/23 12:0 a.m., 106 views

Zenphoto viewer_size_image_saved Cookie Value eval() Call Remote PHP Code Execution

The remote host contains a Zenphoto installation that can be abused to execute arbitrary PHP code. In the file 'zp-core/zp-extensions/viewer_size_image.php' the value of the cookie 'viewer_size_image_saved' is not properly sanitized before being used in an 'eval' call. This can allow arbitrary PHP cod...

CVSS: 6.8, AI score: 5.7, EPSS: 0.02583
Exploits: 3, References: 3
NVD
added 2012/02/21 1:31 p.m., 15 views

CVE-2012-0993

Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie...

CVSS: 6.8, AI score: 7.6, EPSS: 0.02583
Exploits: 3, References: 8
Cvelist
added 2012/02/21 12:0 a.m., 37 views

CVE-2012-0993

Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie...

AI score: 7.6, EPSS: 0.02583
Exploits: 3, References: 8
CVE
added 2012/02/21 12:0 a.m., 56 views

CVE-2012-0993

CVE-2012-0993 concerns Zenphoto 1.4.2. The vulnerability is an eval() code-injection in zp-core/zp-extensions/viewer_size_image.php, triggered when the viewer_size_image_saved cookie is not sanitized and the viewer_size_image plugin is enabled. An attacker can craft the cookie to execute arbitrar...

CVSS: 6.8, AI score: 7.8, EPSS: 0.02583
Exploits: 3, References: 8, Affected Software: 1