Vulnerabilities > Zenphoto > Zenphoto > 1.5.4

DATE CVE VULNERABILITY TITLE RISK
2021-02-26 CVE-2020-36079 Unrestricted Upload of File with Dangerous Type vulnerability in Zenphoto
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution.
network
low complexity
zenphoto CWE-434
7.2
2020-06-11 CVE-2020-5593 Injection vulnerability in Zenphoto
Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file.
network
low complexity
zenphoto CWE-74
6.5
2020-06-11 CVE-2020-5592 Cross-site Scripting vulnerability in Zenphoto
Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors.
network
zenphoto CWE-79
4.3