4.3
CVSSv2

CVE-2015-5595

Published: 31/12/2019 Updated: 07/01/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto prior to 1.4.9 allows remote malicious users to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).

Vulnerability Trend

Affected Products

Vendor Product Versions
ZenphotoZenphoto0.1.1, 0.1.2, 0.2, 0.2.2, 0.3, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.4.0, 0.5.0, 0.6.0, 0.8.0, 0.8.1, 0.8.2, 0.9, 1.0, 1.0.1, 1.0.4, 1.0.5, 1.0.6, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.7, 1.2.5, 1.3, 1.3.1.2, 1.4.2, 1.4.2.1, 1.4.2.2, 1.4.2.3, 1.4.2.4, 1.4.3, 1.4.3.1, 1.4.3.2, 1.4.3.3, 1.4.3.4, 1.4.5, 1.4.5.1, 1.4.5.2, 1.4.5.3, 1.4.5.4, 1.4.5.5, 1.4.5.6, 1.4.5.7, 1.4.5.8, 1.4.7

Exploits

Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto (wwwzenphotoorg/) Affected Version: 148 (probably also prior versions) Patched Version: 149 Risk: Medium Vendor Contacted: 2015-05-18 Vendor Fix: 2015-07-09 Public Disclosure: 2015-07-10 SQL Injection ============= There are multiple second orde ...