CSRF Vulnerability in Zenphoto by Zenphoto Team
CVE-2015-5595

6.5MEDIUM

Key Information:

Vendor

Zenphoto

Status
Zenphoto
Vendor
CVE Published:
31 December 2019

What is CVE-2015-5595?

A cross-site request forgery (CSRF) vulnerability exists in Zenphoto's admin.php, which can be exploited by remote attackers to hijack admin user authentication. This vulnerability can lead to unauthorized actions that could cause denial of service due to resource consumption, highlighting the importance of safeguarding web applications against such attacks.

References

https://software-talk.org/blog/2015/07/second-order-sql-i...
x_refsource_MISC
http://www.zenphoto.org/news/zenphoto-1.4.9
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/07/18/3
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.