Published: 31/12/2019 Updated: 06/01/2020

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SQL injection vulnerability in Zenphoto prior to 1.4.9 allow remote administrators to execute arbitrary SQL commands.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zenphoto zenphoto

Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto (wwwzenphotoorg/) Affected Version: 148 (probably also prior versions) Patched Version: 149 Risk: Medium Vendor Contacted: 2015-05-18 Vendor Fix: 2015-07-09 Public Disclosure: 2015-07-10 SQL Injection ============= There are multiple second orde ...

CWE-89 http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html https://www.openwall.com/lists/oss-security/2015/07/18/3 http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/http://www.zenphoto.org/news/zenphoto-1.4.9 https://nvd.nist.gov https://www.exploit-db.com/exploits/37602/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-5591

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect