header-logo
Suggest Exploit
vendor:
Zenphoto
by:
7.5
CVSS
HIGH
SQL-injection and Cross-site Scripting
89
CWE
Product Name: Zenphoto
Affected Version From: Zenphoto 1.3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: zenphoto
Metasploit:
Other Scripts:
Platforms Tested:

SQL-injection and Cross-site Scripting Vulnerabilities in Zenphoto

Zenphoto is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

The vendor has not released a patch for this vulnerability. It is recommended to sanitize user-supplied data and implement proper input validation to mitigate the risk of SQL-injection and cross-site scripting attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/43021/info

Zenphoto is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Zenphoto 1.3 is vulnerable; other versions may also be affected.

/zenphoto_1_3/zp-core/full-image.php?a=%24%7binjecthere%7d&i=system-bug.jpg&q=75

Navigation

Suggest Exploit

Services By CQR