Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.0
CVE Id: CVE-2012-0994
Last Modified: 21 Feb 2012 12:00:00
Published: 21 Feb 2012 08:31:45
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2012-0994

Summary

SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.

Vulnerable Systems

Application

  • Zenphoto 1.4.2


References

MISC - https://www.htbridge.ch/advisory/HTB23070

XF - zenphoto-albumsort-sql-injection(73082)

CONFIRM - http://www.zenphoto.org/trac/changeset/8995

CONFIRM - http://www.zenphoto.org/trac/changeset/8994

CONFIRM - http://www.zenphoto.org/news/zenphoto-1.4.2.1

BID - 51916

SECUNIA - 47875

BUGTRAQ - 20120208 Multiple vulnerabilities in ZENphoto


Last Updated: 27 May 2016 10:57:26