ZENphoto version 1.4.2 suffers from PHP code execution, cross site scripting and remote SQL injection vulnerabilities.