WEB APPLICATION VULNERABILITIES Standard & Premium

Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-5591)

Description

SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.

Remediation

References

Related Vulnerabilities

WordPress Plugin My Tickets Security Bypass (1.9.11)

WordPress Plugin Post Grid Arbitrary File Deletion (2.0.12)

WordPress Plugin Klaviyo Cross-Site Scripting (3.0.9)

Apache Tomcat Cryptographic Issues Vulnerability (CVE-2011-5064)

WordPress Plugin Accept Stripe Donation-AidWP Security Bypass (2.8)

Severity

High

Classification

CVE-2015-5591 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities