Vulnerabilities (CVE)

Filtered by vendor Zenphoto
Total 31 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-0993 1 Zenphoto 1 Zenphoto 2017-08-28 6.8 MEDIUM N/A
Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie.
CVE-2012-0994 1 Zenphoto 1 Zenphoto 2017-08-28 6.0 MEDIUM N/A
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.
CVE-2009-4566 1 Zenphoto 1 Zenphoto 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6925 1 Zenphoto 1 Zenphoto 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2015-5594 1 Zenphoto 1 Zenphoto 2017-07-31 4.3 MEDIUM 6.1 MEDIUM
The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitization, which might allow remote attackers to perform a cross-site scripting (XSS) attack via a crafted string.
CVE-2007-0616 1 Zenphoto 1 Zenphoto 2017-07-28 7.8 HIGH N/A
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.
CVE-2013-7241 1 Zenphoto 1 Zenphoto 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2013-7242 1 Zenphoto 1 Zenphoto 2016-12-30 6.5 MEDIUM N/A
SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter.
CVE-2015-2948 1 Zenphoto 1 Zenphoto 2016-12-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2949 1 Zenphoto 1 Zenphoto 2016-12-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2641 1 Zenphoto 1 Zenphoto 2012-07-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library.