Vulnerabilities > Zenphoto > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-26 | CVE-2020-36079 | Unrestricted Upload of File with Dangerous Type vulnerability in Zenphoto Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. | 7.2 |
| 2011-10-08 | CVE-2010-4906 | SQL Injection vulnerability in Zenphoto 1.3/1.3.1.2 SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. | 7.5 |
| 2010-01-04 | CVE-2009-4566 | SQL Injection vulnerability in Zenphoto 1.2.5 SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. | 7.5 |
| 2008-01-04 | CVE-2007-6666 | SQL Injection vulnerability in Zenphoto SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter. | 7.5 |
| 2007-01-31 | CVE-2007-0616 | Unspecified vulnerability in Zenphoto 1.0.4/1.0.5/1.0.6 Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php. | 7.8 |