Description SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands. Remediation References CVE-2015-5591 Related Vulnerabilities WordPress Plugin My Tickets Security Bypass (1.9.11) WordPress Plugin Post Grid Arbitrary File Deletion (2.0.12) WordPress Plugin Klaviyo Cross-Site Scripting (3.0.9) Apache Tomcat Cryptographic Issues Vulnerability (CVE-2011-5064) WordPress Plugin Accept Stripe Donation-AidWP Security Bypass (2.8) Severity High Classification CVE-2015-5591 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Tags Missing Update Known Vulnerabilities