Description

Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).

Remediation

References

CVE-2015-5595

Related Vulnerabilities

WordPress Plugin File Manager Unspecified Vulnerability (5.1.5)

WordPress 3.9.x Cross-Site Scripting Vulnerability (3.9 - 3.9.9)

WordPress Plugin Author Periodic Report Cross-Site Scripting (1.0)

WordPress Plugin Advanced Import: One Click Import for WordPress or Theme Demo Data Security Bypass (1.0.7)

WordPress Plugin Asgaros Forum Security Bypass (1.5.7)

Severity

Medium

Classification

CVE-2015-5595 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities