Description

SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.

Remediation

References

CVE-2009-4564

Related Vulnerabilities

WordPress Plugin Responsive Menu-Create Mobile-Friendly Menu Multiple Vulnerabilities (4.0.3)

Drupal CVE-2008-4793 Vulnerability (CVE-2008-4793)

WordPress 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-6661)

WordPress Plugin Easy Watermark Security Bypass (0.7.0)

Severity

Medium

Classification

CVE-2009-4564 CWE-138

Tags

Missing Update Known Vulnerabilities