SQL Injection Vulnerability in ZENphoto Managed by ZENphoto Team
CVE-2012-0994

Currently unrated

Key Information:

Vendor

Zenphoto

Status
Zenphoto
Vendor
CVE Published:
21 February 2012

What is CVE-2012-0994?

A security flaw exists within ZENphoto's Manage Albums feature, specifically in the zp-core/admin-albumsort.php component. This vulnerability allows authenticated remote users to manipulate the application's database by injecting arbitrary SQL commands through the sortableList parameter. Successful exploitation of this flaw can lead to unauthorized data exposure and modification, raising significant concerns about the integrity and confidentiality of the database.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.zenphoto.org/trac/changeset/8995
x_refsource_CONFIRM
http://www.zenphoto.org/trac/changeset/8994
x_refsource_CONFIRM
http://www.securityfocus.com/bid/51916
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.