Description

SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-4906

Related Vulnerabilities

MediaWiki Other Vulnerability (CVE-2021-36126)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-36108)

WordPress Plugin moreAds SE Cross-Site Scripting (1.4.6)

MySQL CVE-2014-0420 Vulnerability (CVE-2014-0420)

PHP Other Vulnerability (CVE-2016-4540)

Severity

High

Classification

CVE-2010-4906 CWE-138

Tags

Missing Update Known Vulnerabilities