Description

SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.

Remediation

References

CVE-2007-6666

Related Vulnerabilities

MediaWiki Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-35624)

WordPress Plugin SendinBlue Subscribe Form And WP SMTP Multiple Unspecified Vulnerabilities (2.7.3)

Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2065)

Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8166)

WordPress Plugin WooCommerce Multiple Vulnerabilities (6.2.0)

Severity

High

Classification

CVE-2007-6666 CWE-138

Tags

Missing Update Known Vulnerabilities