Known Vulnerabilities for products from Zenphoto

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zenphoto".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-44449 | Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows a remote authenticated attacker wit... | 4.8 - MEDIUM | 2022-12-21 | 2022-12-30 |
| CVE-2020-36079 | ** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. T... | 7.2 - HIGH | 2021-02-26 | 2023-11-07 |
| CVE-2020-5593 | Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a speci... | 8.8 - HIGH | 2020-06-11 | 2021-07-21 |
| CVE-2020-5592 | Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScr... | 6.1 - MEDIUM | 2020-06-11 | 2020-06-15 |
| CVE-2018-20140 | Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters. | 6.1 - MEDIUM | 2019-03-21 | 2019-03-21 |
| CVE-2018-0610 | Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege t... | 7.2 - HIGH | 2018-06-26 | 2019-10-03 |
| CVE-2015-5595 | Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the a... | 6.5 - MEDIUM | 2019-12-31 | 2020-01-07 |
| CVE-2015-5594 | The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which ... | Not Provided | 2017-07-25 | 2025-04-20 |
| CVE-2015-5593 | The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to ... | 6.1 - MEDIUM | 2019-12-31 | 2020-01-07 |
| CVE-2015-5592 | Incomplete blacklist in sanitize_string in Zenphoto before 1.4.9 allows remote attackers to conduct cross-site scripting (XSS... | 6.1 - MEDIUM | 2019-12-31 | 2020-01-07 |
| CVE-2015-5591 | SQL injection vulnerability in Zenphoto before 1.4.9 allows remote administrators to execute arbitrary SQL commands. | 7.2 - HIGH | 2019-12-31 | 2020-01-06 |
| CVE-2015-2949 | Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web scri... | Not Provided | 2015-05-31 | 2026-05-06 |
| CVE-2015-2948 | Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject ar... | Not Provided | 2015-05-31 | 2026-05-06 |
| CVE-2013-7242 | SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authentica... | Not Provided | 2013-12-31 | 2026-04-29 |
| CVE-2013-7241 | Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4... | Not Provided | 2013-12-31 | 2026-04-29 |
| CVE-2012-4519 | Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS. | 6.1 - MEDIUM | 2020-02-11 | 2020-02-12 |
| CVE-2012-2641 | Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or H... | Not Provided | 2012-07-05 | 2026-04-29 |
| CVE-2012-0995 | Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script o... | Not Provided | 2012-02-21 | 2026-04-29 |
| CVE-2012-0994 | SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authe... | Not Provided | 2012-02-21 | 2026-04-29 |
| CVE-2012-0993 | Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plu... | Not Provided | 2012-02-21 | 2026-04-29 |

Known software with vulnerabilities from Zenphoto

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zenphoto | Zenphoto | 0.1.1 |

CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
