Zenphoto versions before 1.5.7 allow a malicious user to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file.
zenphoto zenphoto