Zenphoto

Zenphoto

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2010-4907

  • EPSS 4.96%
  • Veröffentlicht 08.10.2011 10:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562.

7.5

CVE-2010-4906

  • EPSS 1.39%
  • Veröffentlicht 08.10.2011 10:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information.

7.5

CVE-2009-4566

  • EPSS 0.43%
  • Veröffentlicht 04.01.2010 21:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from ...

6.8

CVE-2009-4564

  • EPSS 0.1%
  • Veröffentlicht 04.01.2010 21:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.

4.3

CVE-2009-4563

  • EPSS 0.98%
  • Veröffentlicht 04.01.2010 21:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-admin...

4.3

CVE-2009-4562

  • EPSS 0.19%
  • Veröffentlicht 04.01.2010 21:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.

4.3

CVE-2008-6925

  • EPSS 0.23%
  • Veröffentlicht 10.08.2009 20:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown; ...

7.5

CVE-2007-6666

Exploit
  • EPSS 0.35%
  • Veröffentlicht 04.01.2008 11:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.

7.8

CVE-2007-0616

Exploit
  • EPSS 0.49%
  • Veröffentlicht 31.01.2007 11:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.

5

CVE-2006-2186

Exploit
  • EPSS 0.59%
  • Veröffentlicht 04.05.2006 12:38:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.