SQL Injection Vulnerability in ZENphoto Managed by ZENphoto Team
CVE-2012-0994
Currently unrated
What is CVE-2012-0994?
A SQL injection flaw exists in ZENphoto's Manage Albums feature, specifically in the zp-core/admin-albumsort.php component. It allows authenticated remote users to manipulate the application's database by injecting arbitrary SQL commands through the sortableList parameter. Successful exploitation can lead to unauthorized data exposure and modification, compromising the confidentiality and integrity of the database.
