Description

Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file.

Remediation

References

CVE-2020-5593

Related Vulnerabilities

WordPress Plugin SEO Redirection-301 Redirect Manager Cross-Site Request Forgery (7.8)

SugarCRM Incomplete List of Disallowed Inputs Vulnerability (CVE-2015-5946)

WordPress Plugin vSlider Multi Image Slider for WordPress Arbitrary File Upload (4.1.2)

WordPress Plugin Daily Inspiration Generator Cross-Site Scripting (2.0)

PHP Other Vulnerability (CVE-2014-4670)

Severity

High

Classification

CVE-2020-5593 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities