Description
SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.
Remediation
References
Related Vulnerabilities
WordPress Plugin Slideshow Gallery LITE Multiple Vulnerabilities (1.5.3)
WordPress Plugin Banner Garden Multiple Cross-Site Scripting Vulnerabilities (0.1.3)
Oracle Database Server CVE-2014-6547 Vulnerability (CVE-2014-6547)
WordPress Plugin Site Reviews Cross-Site Scripting (2.15.2)
WordPress Plugin Simple Slideshow Manager Multiple Unspecified Vulnerabilities (2.1)