Description

SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.

Remediation

References

CVE-2009-4564

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2001-1454)

WordPress Plugin Theme My Login Security Bypass (6.4.6)

WordPress Plugin Safe SVG Cross-Site Scripting (1.9.5)

Drupal Core 8.8.x Cross-Site Scripting (8.8.0 - 8.8.5)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25815)

Severity

Medium

Classification

CVE-2009-4564 CWE-138

Tags

Missing Update Known Vulnerabilities