All the vulnerabilites related to Zenphoto - Zenphoto
jvndb-2020-000038
Vulnerability from jvndb
Published
2020-06-11 17:17
Modified
2020-06-11 17:17
Severity ?
Summary
Multiple vulnerabilities in Zenphoto
Details
Zenphoto is a content management system (CMS). Zenphoto contains multiple vulnerabilities listed below.
* Cross-site Scripting (CWE-79) - CVE-2020-5592
* Code Injection (CWE-94) - CVE-2020-5593
Tomohisa Maeda of Panasonic Corporation, Product Security Center reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000038.html",
"dc:date": "2020-06-11T17:17+09:00",
"dcterms:issued": "2020-06-11T17:17+09:00",
"dcterms:modified": "2020-06-11T17:17+09:00",
"description": "Zenphoto is a content management system (CMS). Zenphoto contains multiple vulnerabilities listed below.\r\n\r\n * Cross-site Scripting (CWE-79) - CVE-2020-5592\r\n * Code Injection (CWE-94) - CVE-2020-5593 \r\n\r\nTomohisa Maeda of Panasonic Corporation, Product Security Center reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000038.html",
"sec:cpe": {
"#text": "cpe:/a:zenphoto:zenphoto",
"@product": "Zenphoto",
"@vendor": "Zenphoto",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000038",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN32252648/index.html",
"@id": "JVN#32252648",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5592",
"@id": "CVE-2020-5592",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5593",
"@id": "CVE-2020-5593",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5592",
"@id": "CVE-2020-5592",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5593",
"@id": "CVE-2020-5593",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
}
],
"title": "Multiple vulnerabilities in Zenphoto"
}
jvndb-2012-000065
Vulnerability from jvndb
Published
2012-07-03 14:49
Modified
2012-07-03 14:49
Summary
Zenphoto vulnerable to cross-site scripting
Details
Zenphoto contains a cross-site scripting vulnerability.
Zenphoto is a content management system (CMS). Zenphoto contains a cross-site scripting vulnerability.
Yuji Tounai of bogus.jp reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000065.html",
"dc:date": "2012-07-03T14:49+09:00",
"dcterms:issued": "2012-07-03T14:49+09:00",
"dcterms:modified": "2012-07-03T14:49+09:00",
"description": "Zenphoto contains a cross-site scripting vulnerability.\r\n\r\nZenphoto is a content management system (CMS). Zenphoto contains a cross-site scripting vulnerability.\r\n\r\nYuji Tounai of bogus.jp reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000065.html",
"sec:cpe": {
"#text": "cpe:/a:zenphoto:zenphoto",
"@product": "Zenphoto",
"@vendor": "Zenphoto",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000065",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN59842447/index.html",
"@id": "JVN#59842447",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2641",
"@id": "CVE-2012-2641",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2641",
"@id": "CVE-2012-2641",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Zenphoto vulnerable to cross-site scripting"
}
jvndb-2022-000098
Vulnerability from jvndb
Published
2022-12-19 13:39
Modified
2022-12-19 13:39
Severity ?
Summary
Zenphoto vulnerable to cross-site scripting
Details
Zenphoto contains a stored cross-site scripting vulnerability (CWE-79).
Terada Yu of Fujitsu System Integration Laboratories reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN06093462/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-44449 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-44449 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000098.html",
"dc:date": "2022-12-19T13:39+09:00",
"dcterms:issued": "2022-12-19T13:39+09:00",
"dcterms:modified": "2022-12-19T13:39+09:00",
"description": "Zenphoto contains a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nTerada Yu of Fujitsu System Integration Laboratories reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000098.html",
"sec:cpe": {
"#text": "cpe:/a:zenphoto:zenphoto",
"@product": "Zenphoto",
"@vendor": "Zenphoto",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000098",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN06093462/index.html",
"@id": "JVN#06093462",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-44449",
"@id": "CVE-2022-44449",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-44449",
"@id": "CVE-2022-44449",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Zenphoto vulnerable to cross-site scripting"
}
jvndb-2018-000062
Vulnerability from jvndb
Published
2018-06-13 15:11
Modified
2018-06-13 15:11
Severity ?
Summary
Local File Inclusion vulnerability in Zenphoto
Details
Zenphoto is a content management system (CMS). Zenphoto contains a Local File Inclusion vulnerability.
ASAI Ken reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000062.html",
"dc:date": "2018-06-13T15:11+09:00",
"dcterms:issued": "2018-06-13T15:11+09:00",
"dcterms:modified": "2018-06-13T15:11+09:00",
"description": "Zenphoto is a content management system (CMS). Zenphoto contains a Local File Inclusion vulnerability.\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000062.html",
"sec:cpe": {
"#text": "cpe:/a:zenphoto:zenphoto",
"@product": "Zenphoto",
"@vendor": "Zenphoto",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.5",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000062",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN33124193/index.html",
"@id": "JVN#33124193",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0610",
"@id": "CVE-2018-0610",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0610",
"@id": "CVE-2018-0610",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Local File Inclusion vulnerability in Zenphoto"
}
jvndb-2015-000070
Vulnerability from jvndb
Published
2015-05-28 13:42
Modified
2015-06-03 18:06
Summary
Zenphoto vulnerable to cross-site scripting
Details
Zenphoto is a content management system (CMS). Zenphoto contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing encoded user-supplied input.
Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000070.html",
"dc:date": "2015-06-03T18:06+09:00",
"dcterms:issued": "2015-05-28T13:42+09:00",
"dcterms:modified": "2015-06-03T18:06+09:00",
"description": "Zenphoto is a content management system (CMS). Zenphoto contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing encoded user-supplied input.\r\n\r\nGen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000070.html",
"sec:cpe": {
"#text": "cpe:/a:zenphoto:zenphoto",
"@product": "Zenphoto",
"@vendor": "Zenphoto",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2015-000070",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN68452022/index.html",
"@id": "JVN#68452022",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2948",
"@id": "CVE-2015-2948",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2948",
"@id": "CVE-2015-2948",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Zenphoto vulnerable to cross-site scripting"
}
cve-2015-5594
Vulnerability from cvelistv5
Published
2017-07-25 18:00
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zenphoto.org/news/zenphoto-1.4.9 | x_refsource_CONFIRM | |
| https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/ | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2015/07/18/3 | mailing-list, x_refsource_MLIST | |
| http://cve.killedkenny.io/cve/CVE-2015-5594 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"name": "[oss-security] 20150718 Re: CVE request: Zenphoto before 1.4.9 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/18/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://cve.killedkenny.io/cve/CVE-2015-5594"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-25T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"name": "[oss-security] 20150718 Re: CVE request: Zenphoto before 1.4.9 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/18/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://cve.killedkenny.io/cve/CVE-2015-5594"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.9",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"name": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/",
"refsource": "MISC",
"url": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"name": "[oss-security] 20150718 Re: CVE request: Zenphoto before 1.4.9 multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/18/3"
},
{
"name": "http://cve.killedkenny.io/cve/CVE-2015-5594",
"refsource": "MISC",
"url": "http://cve.killedkenny.io/cve/CVE-2015-5594"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5594",
"datePublished": "2017-07-25T18:00:00",
"dateReserved": "2015-07-17T00:00:00",
"dateUpdated": "2024-08-06T06:50:02.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5593
Vulnerability from cvelistv5
Published
2020-06-11 07:00
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zenphoto.org/news/zenphoto-1.5.7/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN32252648/index.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zenphoto.org/news/zenphoto-1.5.7/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32252648/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zenphoto",
"vendor": "Zenphoto",
"versions": [
{
"status": "affected",
"version": "versions prior to 1.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-11T07:00:18",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zenphoto.org/news/zenphoto-1.5.7/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32252648/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zenphoto",
"version": {
"version_data": [
{
"version_value": "versions prior to 1.5.7"
}
]
}
}
]
},
"vendor_name": "Zenphoto"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zenphoto.org/news/zenphoto-1.5.7/",
"refsource": "MISC",
"url": "https://www.zenphoto.org/news/zenphoto-1.5.7/"
},
{
"name": "https://jvn.jp/en/jp/JVN32252648/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32252648/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5593",
"datePublished": "2020-06-11T07:00:19",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7242
Vulnerability from cvelistv5
Published
2013-12-31 11:00
Modified
2024-08-06 18:01
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://openwall.com/lists/oss-security/2013/12/30/10 | mailing-list, x_refsource_MLIST | |
| http://seclists.org/bugtraq/2013/Oct/20 | mailing-list, x_refsource_BUGTRAQ | |
| http://openwall.com/lists/oss-security/2013/12/29/1 | mailing-list, x_refsource_MLIST | |
| http://www.zenphoto.org/news/zenphoto-1.4.5.4 | x_refsource_MISC | |
| http://www.enkomio.com/Advisory/SOJOBO-ADV-13-01 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/62815 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131230 Re: CVE request: Zenphoto 1.4.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/12/30/10"
},
{
"name": "20131003 [SOJOBO-ADV-13-01] - Zenphoto 1.4.5.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Oct/20"
},
{
"name": "[oss-security] 20131230 CVE request: Zenphoto 1.4.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/12/29/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.5.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-01"
},
{
"name": "62815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131230 Re: CVE request: Zenphoto 1.4.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/12/30/10"
},
{
"name": "20131003 [SOJOBO-ADV-13-01] - Zenphoto 1.4.5.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Oct/20"
},
{
"name": "[oss-security] 20131230 CVE request: Zenphoto 1.4.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/12/29/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.5.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-01"
},
{
"name": "62815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131230 Re: CVE request: Zenphoto 1.4.5.4",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/12/30/10"
},
{
"name": "20131003 [SOJOBO-ADV-13-01] - Zenphoto 1.4.5.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Oct/20"
},
{
"name": "[oss-security] 20131230 CVE request: Zenphoto 1.4.5.4",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/12/29/1"
},
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.5.4",
"refsource": "MISC",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.5.4"
},
{
"name": "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-01",
"refsource": "MISC",
"url": "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-01"
},
{
"name": "62815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7242",
"datePublished": "2013-12-31T11:00:00",
"dateReserved": "2013-12-30T00:00:00",
"dateUpdated": "2024-08-06T18:01:20.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5595
Vulnerability from cvelistv5
Published
2019-12-31 20:42
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).
References
| ▼ | URL | Tags |
|---|---|---|
| https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/ | x_refsource_MISC | |
| http://www.zenphoto.org/news/zenphoto-1.4.9 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2015/07/18/3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:03.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/18/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-31T20:42:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/18/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/",
"refsource": "MISC",
"url": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.9",
"refsource": "MISC",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"name": "http://www.openwall.com/lists/oss-security/2015/07/18/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2015/07/18/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5595",
"datePublished": "2019-12-31T20:42:50",
"dateReserved": "2015-07-17T00:00:00",
"dateUpdated": "2024-08-06T06:50:03.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5592
Vulnerability from cvelistv5
Published
2020-06-11 07:00
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zenphoto.org/news/zenphoto-1.5.7/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN32252648/index.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zenphoto.org/news/zenphoto-1.5.7/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32252648/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zenphoto",
"vendor": "Zenphoto",
"versions": [
{
"status": "affected",
"version": "versions prior to 1.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-11T07:00:18",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zenphoto.org/news/zenphoto-1.5.7/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32252648/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zenphoto",
"version": {
"version_data": [
{
"version_value": "versions prior to 1.5.7"
}
]
}
}
]
},
"vendor_name": "Zenphoto"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zenphoto.org/news/zenphoto-1.5.7/",
"refsource": "MISC",
"url": "https://www.zenphoto.org/news/zenphoto-1.5.7/"
},
{
"name": "https://jvn.jp/en/jp/JVN32252648/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32252648/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5592",
"datePublished": "2020-06-11T07:00:18",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6925
Vulnerability from cvelistv5
Published
2009-08-10 20:00
Modified
2024-08-07 11:49
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the "request logging" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/30172 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43864 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30172",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30172"
},
{
"name": "zenphoto-function-xss(43864)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43864"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the \"request logging\" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30172",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30172"
},
{
"name": "zenphoto-function-xss(43864)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43864"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in function.php in Zenphoto 1.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the \"request logging\" feature. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30172"
},
{
"name": "zenphoto-function-xss(43864)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43864"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6925",
"datePublished": "2009-08-10T20:00:00",
"dateReserved": "2009-08-10T00:00:00",
"dateUpdated": "2024-08-07T11:49:02.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20140
Vulnerability from cvelistv5
Published
2019-03-17 20:00
Modified
2024-08-05 11:51
Severity ?
EPSS score ?
Summary
Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:51:19.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/151052/ZenPhoto-1.4.14-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/22"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zenphoto/zenphoto/commit/9db85fcf9cc97887b81f34f03dcb180fd74e57da"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zenphoto/zenphoto/commit/695fb61707e4286b64f6e446c189b449bd07d00a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netsparker.com/web-applications-advisories/ns-18-043-cross-site-scripting-in-zenphoto/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-17T20:00:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/151052/ZenPhoto-1.4.14-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/22"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zenphoto/zenphoto/commit/9db85fcf9cc97887b81f34f03dcb180fd74e57da"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zenphoto/zenphoto/commit/695fb61707e4286b64f6e446c189b449bd07d00a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netsparker.com/web-applications-advisories/ns-18-043-cross-site-scripting-in-zenphoto/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/151052/ZenPhoto-1.4.14-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/151052/ZenPhoto-1.4.14-Cross-Site-Scripting.html"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/22",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/22"
},
{
"name": "https://github.com/zenphoto/zenphoto/commit/9db85fcf9cc97887b81f34f03dcb180fd74e57da",
"refsource": "MISC",
"url": "https://github.com/zenphoto/zenphoto/commit/9db85fcf9cc97887b81f34f03dcb180fd74e57da"
},
{
"name": "https://github.com/zenphoto/zenphoto/commit/695fb61707e4286b64f6e446c189b449bd07d00a",
"refsource": "MISC",
"url": "https://github.com/zenphoto/zenphoto/commit/695fb61707e4286b64f6e446c189b449bd07d00a"
},
{
"name": "https://www.netsparker.com/web-applications-advisories/ns-18-043-cross-site-scripting-in-zenphoto/",
"refsource": "MISC",
"url": "https://www.netsparker.com/web-applications-advisories/ns-18-043-cross-site-scripting-in-zenphoto/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20140",
"datePublished": "2019-03-17T20:00:25",
"dateReserved": "2018-12-13T00:00:00",
"dateUpdated": "2024-08-05T11:51:19.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2948
Vulnerability from cvelistv5
Published
2015-05-31 17:00
Modified
2024-08-06 05:32
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN68452022/index.html | third-party-advisory, x_refsource_JVN | |
| http://www.zenphoto.org/news/zenphoto-1.4.8 | x_refsource_CONFIRM | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000070 | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/74895 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#68452022",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN68452022/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.8"
},
{
"name": "JVNDB-2015-000070",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000070"
},
{
"name": "74895",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#68452022",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN68452022/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.8"
},
{
"name": "JVNDB-2015-000070",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000070"
},
{
"name": "74895",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74895"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-2948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#68452022",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN68452022/index.html"
},
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.8",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.8"
},
{
"name": "JVNDB-2015-000070",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000070"
},
{
"name": "74895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74895"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-2948",
"datePublished": "2015-05-31T17:00:00",
"dateReserved": "2015-04-07T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2187
Vulnerability from cvelistv5
Published
2006-05-04 10:00
Modified
2024-08-07 17:43
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/432718/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26219 | vdb-entry, x_refsource_XF | |
| http://zone14.free.fr/advisories/2/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/17779 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060502 zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/432718/100/0/threaded"
},
{
"name": "zenphoto-index-i-xss(26219)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26219"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zone14.free.fr/advisories/2/"
},
{
"name": "17779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060502 zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/432718/100/0/threaded"
},
{
"name": "zenphoto-index-i-xss(26219)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26219"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zone14.free.fr/advisories/2/"
},
{
"name": "17779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060502 zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432718/100/0/threaded"
},
{
"name": "zenphoto-index-i-xss(26219)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26219"
},
{
"name": "http://zone14.free.fr/advisories/2/",
"refsource": "MISC",
"url": "http://zone14.free.fr/advisories/2/"
},
{
"name": "17779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2187",
"datePublished": "2006-05-04T10:00:00",
"dateReserved": "2006-05-04T00:00:00",
"dateUpdated": "2024-08-07T17:43:28.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6666
Vulnerability from cvelistv5
Published
2008-01-04 11:00
Modified
2024-08-07 16:18
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/4823 | exploit, x_refsource_EXPLOIT-DB | |
| http://osvdb.org/39786 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/27084 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39341 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/28281 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4823",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4823"
},
{
"name": "39786",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39786"
},
{
"name": "27084",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27084"
},
{
"name": "zenphoto-rss-sql-injection(39341)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39341"
},
{
"name": "28281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4823",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4823"
},
{
"name": "39786",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39786"
},
{
"name": "27084",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27084"
},
{
"name": "zenphoto-rss-sql-injection(39341)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39341"
},
{
"name": "28281",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28281"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4823",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4823"
},
{
"name": "39786",
"refsource": "OSVDB",
"url": "http://osvdb.org/39786"
},
{
"name": "27084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27084"
},
{
"name": "zenphoto-rss-sql-injection(39341)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39341"
},
{
"name": "28281",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28281"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6666",
"datePublished": "2008-01-04T11:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T16:18:20.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0616
Vulnerability from cvelistv5
Published
2007-01-31 11:00
Modified
2024-08-07 12:26
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32102 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/33072 | vdb-entry, x_refsource_OSVDB | |
| http://www.zenphoto.org/support/topic.php?id=1148 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/24026 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.zenphoto.org/support/topic.php?id=1146&replies=3 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/22368 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2007/0470 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:26:53.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "zenphoto-template-directory-traversal(32102)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32102"
},
{
"name": "33072",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/support/topic.php?id=1148"
},
{
"name": "24026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24026"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zenphoto.org/support/topic.php?id=1146\u0026replies=3"
},
{
"name": "22368",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22368"
},
{
"name": "ADV-2007-0470",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via \"..\" sequences in the album parameter to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "zenphoto-template-directory-traversal(32102)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32102"
},
{
"name": "33072",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/support/topic.php?id=1148"
},
{
"name": "24026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24026"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zenphoto.org/support/topic.php?id=1146\u0026replies=3"
},
{
"name": "22368",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22368"
},
{
"name": "ADV-2007-0470",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via \"..\" sequences in the album parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zenphoto-template-directory-traversal(32102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32102"
},
{
"name": "33072",
"refsource": "OSVDB",
"url": "http://osvdb.org/33072"
},
{
"name": "http://www.zenphoto.org/support/topic.php?id=1148",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/support/topic.php?id=1148"
},
{
"name": "24026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24026"
},
{
"name": "http://www.zenphoto.org/support/topic.php?id=1146\u0026replies=3",
"refsource": "MISC",
"url": "http://www.zenphoto.org/support/topic.php?id=1146\u0026replies=3"
},
{
"name": "22368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22368"
},
{
"name": "ADV-2007-0470",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0616",
"datePublished": "2007-01-31T11:00:00",
"dateReserved": "2007-01-30T00:00:00",
"dateUpdated": "2024-08-07T12:26:53.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-7241
Vulnerability from cvelistv5
Published
2013-12-31 11:00
Modified
2024-08-06 18:01
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://openwall.com/lists/oss-security/2013/12/30/10 | mailing-list, x_refsource_MLIST | |
| http://seclists.org/bugtraq/2013/Oct/20 | mailing-list, x_refsource_BUGTRAQ | |
| http://openwall.com/lists/oss-security/2013/12/29/1 | mailing-list, x_refsource_MLIST | |
| http://www.zenphoto.org/news/zenphoto-1.4.5.4 | x_refsource_MISC | |
| http://www.enkomio.com/Advisory/SOJOBO-ADV-13-01 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/62815 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20131230 Re: CVE request: Zenphoto 1.4.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/12/30/10"
},
{
"name": "20131003 [SOJOBO-ADV-13-01] - Zenphoto 1.4.5.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Oct/20"
},
{
"name": "[oss-security] 20131230 CVE request: Zenphoto 1.4.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/12/29/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.5.4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-01"
},
{
"name": "62815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/62815"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20131230 Re: CVE request: Zenphoto 1.4.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/12/30/10"
},
{
"name": "20131003 [SOJOBO-ADV-13-01] - Zenphoto 1.4.5.2 multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Oct/20"
},
{
"name": "[oss-security] 20131230 CVE request: Zenphoto 1.4.5.4",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/12/29/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.5.4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-01"
},
{
"name": "62815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/62815"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131230 Re: CVE request: Zenphoto 1.4.5.4",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/12/30/10"
},
{
"name": "20131003 [SOJOBO-ADV-13-01] - Zenphoto 1.4.5.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Oct/20"
},
{
"name": "[oss-security] 20131230 CVE request: Zenphoto 1.4.5.4",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/12/29/1"
},
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.5.4",
"refsource": "MISC",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.5.4"
},
{
"name": "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-01",
"refsource": "MISC",
"url": "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-01"
},
{
"name": "62815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62815"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7241",
"datePublished": "2013-12-31T11:00:00",
"dateReserved": "2013-12-30T00:00:00",
"dateUpdated": "2024-08-06T18:01:19.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4562
Vulnerability from cvelistv5
Published
2010-01-04 21:00
Modified
2024-08-07 07:08
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51781 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/55922 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/35863 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.exploit-db.com/exploits/9166 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:38.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "zenphoto-admin-xss(51781)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51781"
},
{
"name": "55922",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55922"
},
{
"name": "35863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35863"
},
{
"name": "9166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "zenphoto-admin-xss(51781)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51781"
},
{
"name": "55922",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55922"
},
{
"name": "35863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35863"
},
{
"name": "9166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zenphoto-admin-xss(51781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51781"
},
{
"name": "55922",
"refsource": "OSVDB",
"url": "http://osvdb.org/55922"
},
{
"name": "35863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35863"
},
{
"name": "9166",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4562",
"datePublished": "2010-01-04T21:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T07:08:38.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0610
Vulnerability from cvelistv5
Published
2018-06-26 14:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zenphoto.org/news/zenphoto-1.5 | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN33124193/index.html | third-party-advisory, x_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:28:11.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zenphoto.org/news/zenphoto-1.5"
},
{
"name": "JVN#33124193",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN33124193/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zenphoto",
"vendor": "Zenphoto",
"versions": [
{
"status": "affected",
"version": "1.4.14 and earlier"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local file inclusion vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-26T13:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zenphoto.org/news/zenphoto-1.5"
},
{
"name": "JVN#33124193",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN33124193/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zenphoto",
"version": {
"version_data": [
{
"version_value": "1.4.14 and earlier"
}
]
}
}
]
},
"vendor_name": "Zenphoto"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local file inclusion vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zenphoto.org/news/zenphoto-1.5",
"refsource": "MISC",
"url": "https://www.zenphoto.org/news/zenphoto-1.5"
},
{
"name": "JVN#33124193",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN33124193/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0610",
"datePublished": "2018-06-26T14:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:28:11.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4566
Vulnerability from cvelistv5
Published
2010-01-04 21:00
Modified
2024-08-07 07:08
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/55920 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51799 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/35863 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55920",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55920"
},
{
"name": "zenphoto-title-sql-injection(51799)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51799"
},
{
"name": "35863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35863"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "55920",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55920"
},
{
"name": "zenphoto-title-sql-injection(51799)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51799"
},
{
"name": "35863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35863"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55920",
"refsource": "OSVDB",
"url": "http://osvdb.org/55920"
},
{
"name": "zenphoto-title-sql-injection(51799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51799"
},
{
"name": "35863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35863"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4566",
"datePublished": "2010-01-04T21:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T07:08:37.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2641
Vulnerability from cvelistv5
Published
2012-07-05 17:00
Modified
2024-09-16 19:25
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zenphoto.org/news/zenphoto-1.4.3 | x_refsource_CONFIRM | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000065 | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN59842447/index.html | third-party-advisory, x_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.3"
},
{
"name": "JVNDB-2012-000065",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000065"
},
{
"name": "JVN#59842447",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN59842447/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-05T17:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.3"
},
{
"name": "JVNDB-2012-000065",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000065"
},
{
"name": "JVN#59842447",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN59842447/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-2641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.3",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.3"
},
{
"name": "JVNDB-2012-000065",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000065"
},
{
"name": "JVN#59842447",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN59842447/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-2641",
"datePublished": "2012-07-05T17:00:00Z",
"dateReserved": "2012-05-14T00:00:00Z",
"dateUpdated": "2024-09-16T19:25:21.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-44449
Vulnerability from cvelistv5
Published
2022-12-21 00:00
Modified
2025-04-16 17:35
Severity ?
EPSS score ?
Summary
Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows remote a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:54:03.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zenphoto.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zenphoto/zenphoto"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN06093462/index.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-44449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:34:40.836516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:35:09.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Zenphoto",
"vendor": "Zenphoto",
"versions": [
{
"status": "affected",
"version": "versions prior to 1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows remote a remote authenticated attacker with an administrative privilege to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-21T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.zenphoto.org/"
},
{
"url": "https://github.com/zenphoto/zenphoto"
},
{
"url": "https://jvn.jp/en/jp/JVN06093462/index.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-44449",
"datePublished": "2022-12-21T00:00:00.000Z",
"dateReserved": "2022-12-07T00:00:00.000Z",
"dateUpdated": "2025-04-16T17:35:09.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0993
Vulnerability from cvelistv5
Published
2012-02-21 00:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zenphoto.org/trac/changeset/8995 | x_refsource_CONFIRM | |
| http://www.zenphoto.org/trac/changeset/8994 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/51916 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/47875 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.htbridge.ch/advisory/HTB23070 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73081 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.zenphoto.org/news/zenphoto-1.4.2.1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/trac/changeset/8995"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/trac/changeset/8994"
},
{
"name": "51916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51916"
},
{
"name": "47875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/HTB23070"
},
{
"name": "zenphoto-viewersizeimage-code-execution(73081)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73081"
},
{
"name": "20120208 Multiple vulnerabilities in ZENphoto",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.2.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/trac/changeset/8995"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/trac/changeset/8994"
},
{
"name": "51916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51916"
},
{
"name": "47875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47875"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/HTB23070"
},
{
"name": "zenphoto-viewersizeimage-code-execution(73081)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73081"
},
{
"name": "20120208 Multiple vulnerabilities in ZENphoto",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.2.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zenphoto.org/trac/changeset/8995",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/trac/changeset/8995"
},
{
"name": "http://www.zenphoto.org/trac/changeset/8994",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/trac/changeset/8994"
},
{
"name": "51916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51916"
},
{
"name": "47875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47875"
},
{
"name": "https://www.htbridge.ch/advisory/HTB23070",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/HTB23070"
},
{
"name": "zenphoto-viewersizeimage-code-execution(73081)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73081"
},
{
"name": "20120208 Multiple vulnerabilities in ZENphoto",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html"
},
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.2.1",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.2.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0993",
"datePublished": "2012-02-21T00:00:00",
"dateReserved": "2012-02-02T00:00:00",
"dateUpdated": "2024-08-06T18:45:26.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4519
Vulnerability from cvelistv5
Published
2020-02-11 17:19
Modified
2024-08-06 20:35
Severity ?
EPSS score ?
Summary
Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/10/11/10 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/07/10/19 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/11/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/10/19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zenphoto",
"vendor": "Zenphoto",
"versions": [
{
"status": "affected",
"version": "before 1.4.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-11T17:19:42",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/11/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/10/19"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zenphoto",
"version": {
"version_data": [
{
"version_value": "before 1.4.3.4"
}
]
}
}
]
},
"vendor_name": "Zenphoto"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2012/10/11/10",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/10/11/10"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/07/10/19",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/07/10/19"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4519",
"datePublished": "2020-02-11T17:19:42",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:35:09.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-2949
Vulnerability from cvelistv5
Published
2015-05-31 17:00
Modified
2024-08-06 05:32
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN51176150/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000071 | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/74889 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:32:20.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#51176150",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51176150/index.html"
},
{
"name": "JVNDB-2015-000071",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000071"
},
{
"name": "74889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74889"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#51176150",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN51176150/index.html"
},
{
"name": "JVNDB-2015-000071",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000071"
},
{
"name": "74889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74889"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-2949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#51176150",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51176150/index.html"
},
{
"name": "JVNDB-2015-000071",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000071"
},
{
"name": "74889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74889"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-2949",
"datePublished": "2015-05-31T17:00:00",
"dateReserved": "2015-04-07T00:00:00",
"dateUpdated": "2024-08-06T05:32:20.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5592
Vulnerability from cvelistv5
Published
2019-12-31 20:42
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:03.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2015/07/18/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-31T20:42:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2015/07/18/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html"
},
{
"name": "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/",
"refsource": "MISC",
"url": "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.9",
"refsource": "MISC",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"name": "https://www.openwall.com/lists/oss-security/2015/07/18/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2015/07/18/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5592",
"datePublished": "2019-12-31T20:42:43",
"dateReserved": "2015-07-17T00:00:00",
"dateUpdated": "2024-08-06T06:50:03.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5591
Vulnerability from cvelistv5
Published
2019-12-31 20:42
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2015/07/18/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-31T20:42:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2015/07/18/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132667/ZenPhoto-1.4.8-XSS-SQL-Injection-Traversal.html"
},
{
"name": "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/",
"refsource": "MISC",
"url": "http://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.9",
"refsource": "MISC",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"name": "https://www.openwall.com/lists/oss-security/2015/07/18/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2015/07/18/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5591",
"datePublished": "2019-12-31T20:42:39",
"dateReserved": "2015-07-17T00:00:00",
"dateUpdated": "2024-08-06T06:50:02.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4563
Vulnerability from cvelistv5
Published
2010-01-04 21:00
Modified
2024-08-07 07:08
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51782 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/55921 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/35863 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.exploit-db.com/exploits/9166 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:37.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "zenphoto-adminoptions-csrf(51782)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51782"
},
{
"name": "55921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55921"
},
{
"name": "35863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35863"
},
{
"name": "9166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "zenphoto-adminoptions-csrf(51782)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51782"
},
{
"name": "55921",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55921"
},
{
"name": "35863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35863"
},
{
"name": "9166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a saveoptions action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zenphoto-adminoptions-csrf(51782)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51782"
},
{
"name": "55921",
"refsource": "OSVDB",
"url": "http://osvdb.org/55921"
},
{
"name": "35863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35863"
},
{
"name": "9166",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4563",
"datePublished": "2010-01-04T21:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T07:08:37.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2186
Vulnerability from cvelistv5
Published
2006-05-04 10:00
Modified
2024-08-07 17:43
Severity ?
EPSS score ?
Summary
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/432718/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26220 | vdb-entry, x_refsource_XF | |
| http://securityreason.com/securityalert/834 | third-party-advisory, x_refsource_SREASON | |
| http://zone14.free.fr/advisories/2/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/17779 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060502 zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/432718/100/0/threaded"
},
{
"name": "zenphoto-i-path-disclosure(26220)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26220"
},
{
"name": "834",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/834"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zone14.free.fr/advisories/2/"
},
{
"name": "17779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060502 zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/432718/100/0/threaded"
},
{
"name": "zenphoto-i-path-disclosure(26220)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26220"
},
{
"name": "834",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/834"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zone14.free.fr/advisories/2/"
},
{
"name": "17779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060502 zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432718/100/0/threaded"
},
{
"name": "zenphoto-i-path-disclosure(26220)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26220"
},
{
"name": "834",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/834"
},
{
"name": "http://zone14.free.fr/advisories/2/",
"refsource": "MISC",
"url": "http://zone14.free.fr/advisories/2/"
},
{
"name": "17779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2186",
"datePublished": "2006-05-04T10:00:00",
"dateReserved": "2006-05-04T00:00:00",
"dateUpdated": "2024-08-07T17:43:28.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-4564
Vulnerability from cvelistv5
Published
2010-01-04 21:00
Modified
2024-08-07 07:08
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/9154 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:08:38.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9154",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9154",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9154",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4564",
"datePublished": "2010-01-04T21:00:00",
"dateReserved": "2010-01-04T00:00:00",
"dateUpdated": "2024-08-07T07:08:38.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0994
Vulnerability from cvelistv5
Published
2012-02-21 00:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zenphoto.org/trac/changeset/8995 | x_refsource_CONFIRM | |
| http://www.zenphoto.org/trac/changeset/8994 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/51916 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/47875 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.htbridge.ch/advisory/HTB23070 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73082 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.zenphoto.org/news/zenphoto-1.4.2.1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:25.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/trac/changeset/8995"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/trac/changeset/8994"
},
{
"name": "51916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51916"
},
{
"name": "47875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/HTB23070"
},
{
"name": "zenphoto-albumsort-sql-injection(73082)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73082"
},
{
"name": "20120208 Multiple vulnerabilities in ZENphoto",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.2.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/trac/changeset/8995"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/trac/changeset/8994"
},
{
"name": "51916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51916"
},
{
"name": "47875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47875"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/HTB23070"
},
{
"name": "zenphoto-albumsort-sql-injection(73082)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73082"
},
{
"name": "20120208 Multiple vulnerabilities in ZENphoto",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.2.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zenphoto.org/trac/changeset/8995",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/trac/changeset/8995"
},
{
"name": "http://www.zenphoto.org/trac/changeset/8994",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/trac/changeset/8994"
},
{
"name": "51916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51916"
},
{
"name": "47875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47875"
},
{
"name": "https://www.htbridge.ch/advisory/HTB23070",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/HTB23070"
},
{
"name": "zenphoto-albumsort-sql-injection(73082)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73082"
},
{
"name": "20120208 Multiple vulnerabilities in ZENphoto",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html"
},
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.2.1",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.2.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0994",
"datePublished": "2012-02-21T00:00:00",
"dateReserved": "2012-02-02T00:00:00",
"dateUpdated": "2024-08-06T18:45:25.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4907
Vulnerability from cvelistv5
Published
2011-10-08 10:00
Modified
2024-08-07 04:02
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/41342 | third-party-advisory, x_refsource_SECUNIA | |
| http://packetstormsecurity.org/1009-exploits/zenphoto-sqlxss.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/43021 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/513525/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.acunetix.com/blog/web-security-zone/articles/zenphoto-13-advisory/ | x_refsource_MISC | |
| http://securityreason.com/securityalert/8442 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41342"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1009-exploits/zenphoto-sqlxss.txt"
},
{
"name": "43021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43021"
},
{
"name": "20100907 Security problems in Zenphoto version 1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513525/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acunetix.com/blog/web-security-zone/articles/zenphoto-13-advisory/"
},
{
"name": "8442",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "41342",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41342"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1009-exploits/zenphoto-sqlxss.txt"
},
{
"name": "43021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43021"
},
{
"name": "20100907 Security problems in Zenphoto version 1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513525/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acunetix.com/blog/web-security-zone/articles/zenphoto-13-advisory/"
},
{
"name": "8442",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41342"
},
{
"name": "http://packetstormsecurity.org/1009-exploits/zenphoto-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/zenphoto-sqlxss.txt"
},
{
"name": "43021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43021"
},
{
"name": "20100907 Security problems in Zenphoto version 1.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513525/100/0/threaded"
},
{
"name": "http://www.acunetix.com/blog/web-security-zone/articles/zenphoto-13-advisory/",
"refsource": "MISC",
"url": "http://www.acunetix.com/blog/web-security-zone/articles/zenphoto-13-advisory/"
},
{
"name": "8442",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4907",
"datePublished": "2011-10-08T10:00:00",
"dateReserved": "2011-10-07T00:00:00",
"dateUpdated": "2024-08-07T04:02:30.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5593
Vulnerability from cvelistv5
Published
2019-12-31 20:42
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<<script></script>script>payload<script></script></script>", or in an image tag, with the payload as the onerror event.
References
| ▼ | URL | Tags |
|---|---|---|
| https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/ | x_refsource_MISC | |
| http://www.zenphoto.org/news/zenphoto-1.4.9 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2015/07/18/3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:03.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/18/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in \"\u003c\u003cscript\u003e\u003c/script\u003escript\u003epayload\u003cscript\u003e\u003c/script\u003e\u003c/script\u003e\", or in an image tag, with the payload as the onerror event."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-31T20:42:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/18/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in \"\u003c\u003cscript\u003e\u003c/script\u003escript\u003epayload\u003cscript\u003e\u003c/script\u003e\u003c/script\u003e\", or in an image tag, with the payload as the onerror event."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/",
"refsource": "MISC",
"url": "https://software-talk.org/blog/2015/07/second-order-sql-injection-reflected-xss-path-traversal-function-execution-vulnerability-zenphoto/"
},
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.9",
"refsource": "MISC",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.9"
},
{
"name": "http://www.openwall.com/lists/oss-security/2015/07/18/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2015/07/18/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5593",
"datePublished": "2019-12-31T20:42:46",
"dateReserved": "2015-07-17T00:00:00",
"dateUpdated": "2024-08-06T06:50:03.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-36079
Vulnerability from cvelistv5
Published
2021-02-26 22:49
Modified
2024-08-04 17:16
Severity ?
EPSS score ?
Summary
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has "lots of other possibilities to harm a site.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html | x_refsource_MISC | |
| https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/ | x_refsource_MISC | |
| https://github.com/zenphoto/zenphoto/issues/1292 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:16:14.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zenphoto/zenphoto/issues/1292"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server\u0027s uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has \"lots of other possibilities to harm a site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-03T07:48:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zenphoto/zenphoto/issues/1292"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server\u0027s uploaded/ directory. NOTE: the vendor disputes this because exploitation can only be performed by an admin who has \"lots of other possibilities to harm a site.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161569/Zenphoto-CMS-1.5.7-Shell-Upload.html"
},
{
"name": "https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/",
"refsource": "MISC",
"url": "https://www.zenphoto.org/news/why-not-every-security-issue-is-really-an-issue/"
},
{
"name": "https://github.com/zenphoto/zenphoto/issues/1292",
"refsource": "MISC",
"url": "https://github.com/zenphoto/zenphoto/issues/1292"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36079",
"datePublished": "2021-02-26T22:49:40",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-04T17:16:14.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0995
Vulnerability from cvelistv5
Published
2012-02-21 00:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INTO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4) album parameter to zp-core/admin-edit.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zenphoto.org/trac/changeset/8995 | x_refsource_CONFIRM | |
| http://www.zenphoto.org/trac/changeset/8994 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73083 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/51916 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/47875 | third-party-advisory, x_refsource_SECUNIA | |
| https://www.htbridge.ch/advisory/HTB23070 | x_refsource_MISC | |
| http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.zenphoto.org/news/zenphoto-1.4.2.1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:26.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/trac/changeset/8995"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/trac/changeset/8994"
},
{
"name": "zenphoto-multiple-xss(73083)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73083"
},
{
"name": "51916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51916"
},
{
"name": "47875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.ch/advisory/HTB23070"
},
{
"name": "20120208 Multiple vulnerabilities in ZENphoto",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.2.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INTO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4) album parameter to zp-core/admin-edit.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/trac/changeset/8995"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/trac/changeset/8994"
},
{
"name": "zenphoto-multiple-xss(73083)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73083"
},
{
"name": "51916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51916"
},
{
"name": "47875",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47875"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.ch/advisory/HTB23070"
},
{
"name": "20120208 Multiple vulnerabilities in ZENphoto",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zenphoto.org/news/zenphoto-1.4.2.1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INTO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4) album parameter to zp-core/admin-edit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zenphoto.org/trac/changeset/8995",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/trac/changeset/8995"
},
{
"name": "http://www.zenphoto.org/trac/changeset/8994",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/trac/changeset/8994"
},
{
"name": "zenphoto-multiple-xss(73083)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73083"
},
{
"name": "51916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51916"
},
{
"name": "47875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47875"
},
{
"name": "https://www.htbridge.ch/advisory/HTB23070",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/HTB23070"
},
{
"name": "20120208 Multiple vulnerabilities in ZENphoto",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html"
},
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.2.1",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.2.1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0995",
"datePublished": "2012-02-21T00:00:00",
"dateReserved": "2012-02-02T00:00:00",
"dateUpdated": "2024-08-06T18:45:26.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4906
Vulnerability from cvelistv5
Published
2011-10-08 10:00
Modified
2024-08-07 04:02
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.org/1009-exploits/zenphoto-sqlxss.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/43021 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/513525/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/41350 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.acunetix.com/blog/web-security-zone/articles/zenphoto-13-advisory/ | x_refsource_MISC | |
| http://securityreason.com/securityalert/8442 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1009-exploits/zenphoto-sqlxss.txt"
},
{
"name": "43021",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43021"
},
{
"name": "20100907 Security problems in Zenphoto version 1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/513525/100/0/threaded"
},
{
"name": "41350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41350"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.acunetix.com/blog/web-security-zone/articles/zenphoto-13-advisory/"
},
{
"name": "8442",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1009-exploits/zenphoto-sqlxss.txt"
},
{
"name": "43021",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43021"
},
{
"name": "20100907 Security problems in Zenphoto version 1.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/513525/100/0/threaded"
},
{
"name": "41350",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41350"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.acunetix.com/blog/web-security-zone/articles/zenphoto-13-advisory/"
},
{
"name": "8442",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1009-exploits/zenphoto-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1009-exploits/zenphoto-sqlxss.txt"
},
{
"name": "43021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43021"
},
{
"name": "20100907 Security problems in Zenphoto version 1.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/513525/100/0/threaded"
},
{
"name": "41350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41350"
},
{
"name": "http://www.acunetix.com/blog/web-security-zone/articles/zenphoto-13-advisory/",
"refsource": "MISC",
"url": "http://www.acunetix.com/blog/web-security-zone/articles/zenphoto-13-advisory/"
},
{
"name": "8442",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4906",
"datePublished": "2011-10-08T10:00:00",
"dateReserved": "2011-10-07T00:00:00",
"dateUpdated": "2024-08-07T04:02:30.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}