SQL Injection Vulnerability in Zenphoto by Zenphoto Team
CVE-2010-4906

Currently unrated

Key Information:

Vendor: Zenphoto
Status: Zenphoto
Vendor: CVE Published:; 8 October 2011

What is CVE-2010-4906?

A vulnerability exists in the Zenphoto content management system that allows remote attackers to execute arbitrary SQL commands through the 'a' parameter in the zp-core/full-image.php file. This flaw can lead to unauthorized access to the database, potentially compromising sensitive data. Users of Zenphoto versions 1.3 and 1.3.1.2 are advised to implement security measures to mitigate the risk.

References

http://packetstormsecurity.org/1009-exploits/zenphoto-sql...

x_refsource_MISC

http://www.securityfocus.com/bid/43021

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/513525/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2011
Vulnerability Reserved
Oct 7, 2011

JSON