Vulnerabilities > Zenphoto

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-0610 Improper Privilege Management vulnerability in Zenphoto
Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information.
network
low complexity
zenphoto CWE-269
7.2
2017-07-25 CVE-2015-5594 Cross-site Scripting vulnerability in Zenphoto
The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string.
network
low complexity
zenphoto CWE-79
6.1