7 matches found
EUVD-2010-4871
Malware in sbrugna...
EUVD-2012-1018
Malware in sbrugna...
PT-2013-6302 · Zenphoto · Zenphoto
Name of the Vulnerable Software and Affected Versions: Zenphoto versions prior to 1.4.5.4. Description: The issue allows remote authenticated administrators to execute arbitrary SQL commands. This is achieved via the tableprefix parameter in the wordpress import.php file within the...
CVE-2012-0993
Eval injection vulnerability in zp-core/zp-extensions/viewersizeimage.php in ZENphoto 1.4.2, when the viewersizeimage plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewersizeimagesaved cookie...
CVE-2012-0993
Eval injection vulnerability in zp-core/zp-extensions/viewersizeimage.php in ZENphoto 1.4.2, when the viewersizeimage plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewersizeimagesaved cookie...
CVE-2012-0994
Zenphoto 1.4.2 is affected by a SQL injection via the sortableList parameter in zp-core/admin-albumsort.php (CVE-2012-0994). The vulnerability requires the attacker to be authenticated and have access to the Manage Albums function; remote SQL commands can be executed by manipulating the POST sort...
CVE-2010-4906
CVE-2010-4906 concerns SQL injection in Zenphoto up to and including 1.3.1.2 via zp-core/full-image.php when processing the a parameter. Affected product: Zenphoto 1.3 and 1.3.1.2. Root cause: unsafely constructed SQL in the mentioned script enables remote attackers to execute arbitrary SQL comm...