Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 25/07/2017 Updated: 31/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The sanitize_string function in ZenPhoto prior to 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote malicious users to perform a cross-site scripting (XSS) via a crafted string.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zenphoto zenphoto

Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto (wwwzenphotoorg/) Affected Version: 148 (probably also prior versions) Patched Version: 149 Risk: Medium Vendor Contacted: 2015-05-18 Vendor Fix: 2015-07-09 Public Disclosure: 2015-07-10 SQL Injection ============= There are multiple second orde ...

CWE-79 https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/http://www.zenphoto.org/news/zenphoto-1.4.9 http://www.openwall.com/lists/oss-security/2015/07/18/3 http://cve.killedkenny.io/cve/CVE-2015-5594 https://nvd.nist.gov https://www.exploit-db.com/exploits/37602/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-5594

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect