SQL Injection Vulnerability in Zenphoto Affecting Remote Administrators
CVE-2013-7242

Currently unrated

Key Information:

Vendor: Zenphoto
Status: Zenphoto
Vendor: CVE Published:; 31 December 2013

What is CVE-2013-7242?

An SQL injection vulnerability exists in Zenphoto's wordpress_import.php file, specifically impacting versions prior to 1.4.5.4. This flaw enables remote authenticated administrators to inject and execute arbitrary SQL commands through manipulation of the tableprefix parameter. Such vulnerabilities can lead to unauthorized access and potential data breaches, underscoring the importance of keeping software up to date and implementing robust security measures.

References

http://openwall.com/lists/oss-security/2013/12/30/10

mailing-listx_refsource_MLIST

http://seclists.org/bugtraq/2013/Oct/20

mailing-listx_refsource_BUGTRAQ

http://openwall.com/lists/oss-security/2013/12/29/1

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2013
Vulnerability Reserved
Dec 30, 2013

JSON