Zenphoto@1.4.2 Security Vulnerabilities and Issues — Zenphoto@1.4.2 CVE List

Lucene search

ZenphotoZenphoto1.4.2

3 matches found

CVE•added 2012/02/21 1:31 p.m.•48 views

CVE-2012-0993

Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie.

6.8CVSS7.8AI score0.01699EPSS

Web

CVE•added 2012/02/21 1:31 p.m.•45 views

CVE-2012-0995

Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INTO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.ph...

4.3CVSS5.7AI score0.00545EPSS

Web

CVE•added 2012/02/21 1:31 p.m.•44 views

CVE-2012-0994

SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.

6CVSS8AI score0.00722EPSS

Web