Description
Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Privilege Escalation (5.0.3)
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7903)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-12167)
Oracle Application Server Other Vulnerability (CVE-2006-5365)
WordPress Plugin Broken Link Manager Multiple Vulnerabilities (0.4.5)