Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote malicious users to execute arbitrary PHP code via the viewer_size_image_saved cookie.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zenphoto zenphoto 1.4.2 |