6 matches found
Zenphoto CMS 1.5.7 Shell Upload
Authenticated arbitrary file upload to RCE Product : Zenphoto Affected : Zenphoto CMS - = 1.5.7 Attack Type : Remote login then go to plugins then go to uploader and press on the check box elFinder then press apply , after that you go to upload then FileselFinder drag and drop any malicious php...
Zenphoto 1.4.11 Remote File Inclusion
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Zenphoto 1.4.11 Fixed in: 1.4.12 Fixed Version Link: https://github.com/zenphoto/zenphoto/archive/ zenphoto-1.4.12.zip Vendor Website: http://www.zenphoto.org/ Vulnerability Type: RFI Remote Exploitable: Yes Reported to...
JVN#68452022: Zenphoto vulnerable to cross-site scripting
Zenphoto is a content management system CMS. Zenphoto contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...
Zenphoto CMS 1.3 - Multiple CSRF Vulnerabilities
No description provided by source. !--- Title: Zenphoto CMS 1.3 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Wed 14 Jul 2010 12:48:56 PM EEST Vendor: http://www.zenphoto.org/ Download: http://zenphoto.googlecode.com/files/zenphoto-1.3.tar.gz --- -= CSRF PoC 1 - Change Admin...
Zenphoto CMS 1.3 Multiple CSRF Vulnerabilities
Exploit for php platform in category web applications ============================================== Zenphoto CMS 1.3 Multiple CSRF Vulnerabilities ============================================== Date: Wed 14 Jul 2010 12:48:56 PM EEST Vendor: http://www.zenphoto.org/ Download:...
ZenPhoto CMS 1.3 - Multiple Cross-Site Request Forgery Vulnerabilities
Date: Wed 14 Jul 2010 12:48:56 PM EEST Vendor: http://www.zenphoto.org/ Download: http://zenphoto.googlecode.com/files/zenphoto-1.3.tar.gz --- -= CSRF PoC 1 - Change Admin Password =- Zenphoto CMS 1.3 Multiple CSRF Vulnerabilities - Change Admin Password input type="...