Eval Injection Vulnerability in ZENphoto 1.4.2 by Zenphoto
CVE-2012-0993

Currently unrated

Key Information:

Vendor: Zenphoto

Status
Vendor
CVE Published: 21 February 2012

What is CVE-2012-0993?

CVE-2012-0993 is an eval injection flaw in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2. When the viewer_size_image plugin is activated, attackers can execute arbitrary PHP code by manipulating the viewer_size_image_saved cookie. For web applications running the affected version of ZENphoto, this can lead to severe compromise, including unauthorized access to and control over the server.
