Zenphoto Multiple Security Vulnerabilities
BID:51916
Info
| Bugtraq ID: | 51916 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-4448 CVE-2012-0993 CVE-2012-0995 CVE-2012-0994 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 08 2012 12:00AM |
| Updated: | Feb 22 2012 02:30PM |
| Credit: | High-Tech Bridge SA Security Research Lab |
| Vulnerable: | Zenphoto zenphoto 1.4.2 |
| Not Vulnerable: | Zenphoto zenphoto 1.4.2.1 |
Discussion
Zenphoto is prone to multiple cross-site scripting vulnerabilities, an SQL-injection vulnerability, and a PHP code-injection vulnerability.
An attacker can exploit the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials. The PHP code injection can be exploited to inject and execute arbitrary malicious PHP code in the context of the webserver process.
An attacker may be able to modify the logic of SQL queries. A successful exploit may allow the attacker to compromise the software, retrieve information, or modify data; other consequences are possible as well.
ZENphoto 1.4.2 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit these issues with a browser.
The following example URIs and input are available:
Solution / Fix
Solution:
The vendor released updates to address these issues. Please see the references for more information.
References
References:
- zenphoto 1.4.2.1 (zenphoto)
- Zenphoto Homepage (Zenphoto)
- Multiple vulnerabilities in ZENphoto (High-Tech Bridge SA Security Research Lab)