Zenphoto@1.2.5 Security Vulnerabilities and Issues — Zenphoto@1.2.5 CVE List

Lucene search

ZenphotoZenphoto1.2.5

5 matches found

CVE•added 2010/01/04 9:30 p.m.•42 views

CVE-2009-4563

Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action.

4.3CVSS7.5AI score0.00981EPSS

Web

CVE•added 2010/01/04 9:30 p.m.•42 views

CVE-2009-4564

SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.

6.8CVSS8.7AI score0.00103EPSS

Web

CVE•added 2010/01/04 9:30 p.m.•41 views

CVE-2009-4562

Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.

4.3CVSS5.8AI score0.0019EPSS

Web

CVE•added 2012/07/05 5:55 p.m.•36 views

CVE-2012-2641

Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library.

4.3CVSS5.9AI score0.00254EPSS

CVE•added 2010/01/04 9:30 p.m.•32 views

CVE-2009-4566

SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

7.5CVSS8.3AI score0.00425EPSS