Description
Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie.
Remediation
References
Related Vulnerabilities
MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2008-3963)
Lighttpd Other Vulnerability (CVE-2006-0814)
WordPress Plugin Events Widgets For Elementor And The Events Calendar Security Bypass (1.4.3)
YOURLS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2021-3734)