Vulnerabilities > Zenphoto
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-26 | CVE-2018-0610 | Improper Privilege Management vulnerability in Zenphoto Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information. | 7.2 |
| 2017-07-25 | CVE-2015-5594 | Cross-site Scripting vulnerability in Zenphoto The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string. | 6.1 |