Summary
Zenphoto is prone to multiple cross-site scripting vulnerabilities, an SQL-injection vulnerability, and a PHP code-injection vulnerability.
An attacker can exploit the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. The PHP code injection can be exploited to inject and execute arbitrary malicious PHP code in the context of the webserver process.
An attacker may be able to modify the logic of SQL queries. A successful exploit may allow the attacker to compromise the software, retrieve information, or modify data; other consequences are possible as well.
Zenphoto 1.4.2 is vulnerable; other versions may also be affected.
Solution
The vendor released updates to address these issues. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2011-4448, CVE-2012-0993, CVE-2012-0995
- CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
- AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
- aflog Cookie-Based Authentication Bypass Vulnerability
- ARRIS 2307 Unprotected Web Console
- ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability