Description

SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.

Remediation

References

CVE-2009-4564

Related Vulnerabilities

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-46732)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000395)

WordPress Plugin Sell Downloads Unspecified Vulnerability (1.0.85)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7531)

WordPress Plugin Ad Invalid Click Protector (AICP) Malicious Code (1.2.9)

Severity

Medium

Classification

CVE-2009-4564 CWE-138

Tags

Missing Update Known Vulnerabilities