Vulnerabilities > Zenphoto > Zenphoto > 1.5.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-26 | CVE-2020-36079 | Unrestricted Upload of File with Dangerous Type vulnerability in Zenphoto Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. | 7.2 |
2020-06-11 | CVE-2020-5593 | Injection vulnerability in Zenphoto Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file. | 6.5 |