Description
Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action.
Remediation
References