Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2012-0993
Last Modified 21 Feb 2012 12:00:00
Published 21 Feb 2012 08:31:45
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0993

Summary

Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie.

Vulnerable Systems

Application

  • Zenphoto 1.4.2


References

MISC - https://www.htbridge.ch/advisory/HTB23070

XF - zenphoto-viewersizeimage-code-execution(73081)

CONFIRM - http://www.zenphoto.org/trac/changeset/8995

CONFIRM - http://www.zenphoto.org/trac/changeset/8994

CONFIRM - http://www.zenphoto.org/news/zenphoto-1.4.2.1

BID - 51916

SECUNIA - 47875

BUGTRAQ - 20120208 Multiple vulnerabilities in ZENphoto


Last Updated: 27 May 2016 10:58:18